15 July 2026

Kudankulam Nuclear Plant Data Breach: Sensitive Files Leak on Dark Web

Kudankulam Nuclear Plant Data Breach: Sensitive Files Leak on Dark Web

India’s largest nuclear power plant, Kudankulam in Tamil Nadu, has suffered a major data breach: ransomware group World Leaks published nearly 19,000 highly sensitive files on the dark web, 
allegedly taken from Reliance Infrastructure servers. 
The leaked documents include blueprints, supplier lists, inspection reports, and insurance records, sparking serious security concerns.



This is a data breach affecting files from contractor Reliance Infrastructure (part of Anil Ambani's Reliance Group)

Timeline of the Leak - 

Late May 2026: 
Yotta (a thirdparty data center provider) detected suspicious activity on Reliance Infrastructure’s server and halted what appeared to be a ransomware attempt.

June 2026: 
Reliance informed Yotta that external actors claimed possession of stolen data.

July 15, 2026: 
Ransomware group World Leaks published ~858,000 Reliance files, including ~19,000 highly sensitive ones linked to Kudankulam Nuclear Power Plant (KNPP).

Content of leak: 
Engineering drawings, ventilation/cooling system blueprints, control room floor plans, supplier lists, inspection records, and a $112 million terrorism insurance policy for Units 3 & 4.

Response: 
Reliance admitted a “partial breach,” CERTIn (India’s cybersecurity agency) launched an investigation, and NPCIL (Nuclear Power Corporation of India Ltd.) coordinated with Reliance.

Ransom/Blackmail/Sale: 
World Leaks is a known ransomware group (previously targeted Nike, Tata Group). 
They typically post data after victims ignore ransom demands (e.g., they sought $1.5M from Tata). 
Reports indicate they posted after non-payment, consistent with their pattern. 
No confirmed public details on a specific demand for this breach or evidence of data being sold to third parties (as of reporting). 

Potential risks: 
Experts like Nickolas Roth (Nuclear Threat Initiative) called it a "serious" risk to plant safety. Files could help adversaries map support systems, identify suppliers, and find security weaknesses. 

This is the second known cyber incident linked to Kudankulam. 
In 2019, North Korean-linked Lazarus Group malware (Dtrack) infected the administrative (internet-connected) network for data theft/reconnaissance. 
It did not reach isolated critical control systems; NPCIL confirmed it after initial denials

History of Kudankulam Nuclear Power Plant  -

Location: 
Tirunelveli district, Tamil Nadu.

Partnership: 
Built jointly by India and Russia; reactors supplied by Russia’s Rosatom.

Reactor Type: 
VVER1000 Light Water Reactors (higher output than India’s indigenous PHWRs).

Units:

Unit 1: Commissioned in 2013, 1000 MW.

Unit 2: Commissioned in 2016, 1000 MW.

Units 3 & 4: Under construction by Reliance Infrastructure, expected operational by 2027, combined 2000 MW.

Units 5 & 6: Planned, also 1000 MW each, part of India’s atomic expansion strategy.

Strategic Role: Central to India’s plan to expand nuclear energy capacity under PM Modi’s energy roadmap.

History and Timeline of Kudankulam Nuclear Power Plant

Kudankulam, in Tamil Nadu's Tirunelveli district, is India's largest nuclear plant (currently ~2,000 MW operational from Units 1 & 2; more under construction). 
It uses Russian VVER-1000 pressurized water reactors. 


Key timeline:

1988: Indo-Soviet agreement signed by PM Rajiv Gandhi and Mikhail Gorbachev for two reactors.

Post-1991: 
Dormant due to Soviet collapse and NSG issues.

1998/2000: 
Revived; construction began March 31, 2002 (Units 1 & 2).

2008+: 
Plans expanded to six units total (6,000 MW ultimate capacity).
2011–2013: Major protests (post-Fukushima) led by S.P. Udayakumar/People's Movement Against Nuclear Energy (PMANE). Concerns over safety, evacuation, fisheries impact. 
Protests involved thousands; arrests (including sedition charges); a 7-month blockade. Supreme Court upheld the project in 2013 after reviews. 

Unit 1: Criticality July 2013; grid connection Oct 2013; commercial Dec 2014 (delays from equipment, protests, design reviews).

Unit 2: Criticality 2016; commercial 2017.

Units 3 & 4: Construction from 2017; ~80%+ progress as of early 2026; expected ~2027.

Units 5 & 6: Under construction; later timeline (~2027+). 

Current status (as of mid-2026 reports): 
Units 1 & 2 running; 3–6 advancing with Russian collaboration (Rosatom for nuclear island). Fuel delivered for Unit 3 in late 2025. 

The 2026 incident highlights third-party/contractor risks in India's nuclear supply chain and broader cybersecurity gaps (India ranks high in reported breaches). 

It does not appear to involve direct plant network compromise or core reactor data. 

Investigations are ongoing; no evidence of immediate operational impact or confirmed data sales beyond the public leak by World Leaks. 


This builds on the 2019 administrative malware incident but differs in nature (ransomware data exfiltration vs. state-linked espionage). 
Nuclear plants maintain strict air-gapped critical systems, but support/infrastructure data still carries risks. 
Official responses emphasize containment and review.