Kudankulam Nuclear Plant Data Breach: Sensitive Files Accessed from Contractor's Server
A ransomware group has accessed sensitive files from a server belonging to a contractor at the Kudankulam Nuclear Power Project (KKNPP) in Tamil Nadu, according to reports. The breach has raised concerns about potential security vulnerabilities, though officials have stated that the compromised data does not pertain to nuclear safety.
The files, dating from 2016 to mid-2025, include engineering blueprints for control, cooling, and ventilation systems, lists of vendors and suppliers, operational meeting records, and joint inspection reviews by Indian and Russian engineers. The data was reportedly accessed from a server hosted by Yotta, a third-party provider used by Reliance Group, the contractor for the project. Reliance Group has acknowledged a 'partial breach' but declined to specify the nature of the compromised data.
The KKNPP, which operates two 1,000 MWe VVER reactors, is constructing four additional units with Russian technical assistance. The project is expected to become India's largest nuclear park with a capacity of 6,000 MW. The breach was detected through suspicious activity on the server on May 29, 2025, and reported in late June. Investigations by the Nuclear Power Corporation of India Limited (NPCIL) and the Computer Emergency Response Team are ongoing.
Sources within the KKNPP confirmed the leak, describing it as a serious security concern that could allow adversaries to map support systems and identify vulnerabilities. However, a senior NPCIL official downplayed the risk, stating that the leaked files are 'ordinary files common to any thermal power plant' and not related to plant or nuclear safety.
This incident follows a similar breach in 2019, when a North Korean malware infection on KKNPP's administrative network exposed vulnerabilities. At that time, NPCIL claimed its network was 'unbreachable' and that no data was accessed. Efforts to reach KKNPP officials for comment on the latest breach were unsuccessful.