🏠 News Empire
tech

Kudankulam Nuclear Plant: Thousands of Files Leaked in Reliance Data Breach

Published on: 15 Jul 2026, 04:15 PM
Kudankulam Nuclear Plant: Thousands of Files Leaked in Reliance Data Breach

A ransomware group known as World Leaks has posted a large cache of files on the dark web that it claims relate to India's largest nuclear power plant, the Kudankulam Nuclear Power Plant in Tamil Nadu. The files include purported blueprints of parts of the facility and supplier details, and the group has labeled the information as coming from the Reliance Group, a contractor for the plant.

The Kudankulam plant is central to Prime Minister Narendra Modi's plans to expand India's nuclear energy capacity. Reliance Group, led by businessman Anil Ambani, is one of the contractors for the plant. In a statement to Reuters, Reliance acknowledged a 'partial breach' of its data on a server hosted by third-party Indian data centre service provider Yotta, adding that the government has been informed. Reliance did not specify what data was breached.

Nickolas Roth, a senior director at the Nuclear Threat Initiative, a group that advises governments on nuclear security, said the breach could pose a 'serious' risk to the safety of the plant. The incident also highlights the increasing frequency of hacks in India, where many companies are not well prepared to handle such threats.

Independent cybersecurity researcher Rakesh Krishnan, who first alerted Reuters to the leak, said nearly 19,000 files totaling 14.3 gigabytes and appearing under the search term 'KKNP'—an acronym for the nuclear plant—have been online since June 11. Reuters reviewed the documents, which date from 2016 to mid-2025, but could not verify their authenticity. The files include some blueprints and supplier details, as well as meeting and inspection records, equipment reviews, and insurance policies.

The 19,000 files appeared to be the most sensitive among a total of 858,000 Reliance files on the World Leaks website. One of Reliance's subsidiaries, Reliance Infrastructure, won a contract in 2018 to design and build infrastructure for Units 3 and 4 of the plant. Both units are under construction and are expected to be operational by 2027, providing a combined 2,000 megawatts of capacity.

World Leaks, a known ransomware group that has previously targeted Nike and India's Tata Group, did not respond to queries from Reuters about the Reliance breach. The group typically posts stolen corporate data after companies decline to pay a ransom. In June, World Leaks told Reuters it had demanded $1.5 million in ransom for Tata Group files containing confidential component designs for clients Apple and Tesla, and posted the data after Tata ignored the demand.

According to a source familiar with the matter, the Nuclear Power Corporation of India (NPCIL), which operates the country's nuclear plants, has been communicating with Reliance about the breach, and India's main cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), is investigating. The source spoke on condition of anonymity due to the sensitivity of the issue. NPCIL Chairman Rajesh Veeraraghavan, CERT-In, and the government's press office did not respond to requests for comment.

Yotta, the data centre service provider, said in a statement that it noticed suspicious activity on May 29 on a server it hosts for Reliance Infrastructure. The activity was immediately terminated, and a suspected ransomware execution was prevented. However, Reliance Infrastructure informed Yotta at the end of June that there had been claims of a data breach by 'external threat actors.' Yotta stated that it has not been able to verify the claims but has shared its technical investigation with Reliance Infrastructure and is supporting the ongoing investigation.

Latest in Tech 10
YouTube, X Funnel Millions to AI Deepfake Nudify Apps: Study
tech

YouTube, X Funnel Millions to AI Deepfake Nudify Apps: Study

A new study by the Institute for Strategic Dialogue found that YouTube and X drove more than 5.7 million visits to AI-powered deepfake nudify apps between December 2025 and March 2026. The report challenges the notion that these apps spread only on fringe platforms and highlights weak enforcement of policies against non-consensual explicit content.

Indian Express 15 Jul 2026, 08:48 AM
Read More →
→ View All Tech News