Kudankulam Nuclear Plant Data Leak: 14.3 GB of Information Exposed, Core Reactor Systems Unaffected
On July 15, 2026, reports emerged of a significant data leak from the Kudankulam Nuclear Power Plant in Tamil Nadu. The breach, part of a larger infiltration into Reliance Infrastructure Limited, exposed 14.3 GB of data including floor plans and operational details. The data was posted on World Leaks, a dark web site run by cybercriminals who had attempted a ransomware attack on the company.
The Nuclear Power Corporation of India Limited (NPCIL) issued a statement clarifying that the leaked files pertain only to conventional Balance of Plant (BOP) common service facilities. “The information does not relate to any nuclear safety or nuclear security-related systems,” NPCIL said, adding that core reactor operations remain uncompromised.
Reliance Infrastructure, a subsidiary of the Reliance Anil Dhirubhai Ambani Group, said it was informed by its data centre service provider, Yotta Data Services Private Limited, of a cybersecurity incident. According to a Reliance spokesperson, Yotta detected suspicious activity on May 29 and took immediate action to isolate the affected server, preventing ransomware execution. “No data loss or lateral movement occurred,” Reliance stated in a stock exchange filing.
Yotta confirmed that the incident was limited to a single customer-managed server within Reliance Infrastructure’s private cloud environment. “Our technical assessment found no evidence of ransomware encryption or impact on other systems,” a Yotta representative said. The company has since enhanced security measures and is conducting a detailed investigation.
The leaked files reportedly include blueprints, supplier details, meeting and inspection records, equipment reviews, and a $112 million insurance policy against terrorist attacks. While the breach has caused concern among plant officials, NPCIL and Reliance have downplayed its significance, stressing that sensitive nuclear data remains secure.
The Kudankulam plant currently operates two 1,000 MWe VVER reactors built with Russian collaboration, generating up to two gigawatts of power. The government plans to add four more units, tripling capacity. The incident highlights ongoing cybersecurity challenges facing critical infrastructure in India.