NPCIL Clarifies Data Leak at Kudankulam Involves Only Conventional Systems, Not Nuclear Safety
New Delhi: The Nuclear Power Corporation of India Limited (NPCIL) on Wednesday clarified that a reported data breach at the Kudankulam Nuclear Power Project involves only conventional facilities and not nuclear safety or security systems. This response came after a hacker group named World Leaks claimed to have posted over 19,000 sensitive files related to the plant on the dark web.
NPCIL stated that the Engineering, Procurement and Construction (EPC) contract for the Common Services–Balance of Plant (BoP) package was awarded to Reliance Infrastructure Ltd. in 2018 through a public tender process. As part of the tendering, NPCIL provided indicative drawings and technical specifications to bidders. The contractor then prepared detailed engineering drawings in consultation with original equipment manufacturers.
The leaked documents, reviewed by Reuters, include engineering blueprints for ventilation and cooling systems, floor layouts of a common control room, equipment inspection reports, supplier lists, and insurance policies. The documents date from 2016 to mid-2025 and relate primarily to Units 3 and 4 of the Kudankulam plant, which are under construction and expected to become operational by 2027. Reuters could not independently verify the authenticity of the documents.
NPCIL emphasised that the information in the public domain pertains only to conventional Balance of Plant common service facilities, similar to those used in thermal power plants and other process industries. 'It is clarified that the reported data breach does not involve any nuclear safety or nuclear security systems,' the release said. The designs for the nuclear reactors' core systems are supplied by Russia's state-owned Rosatom and were not part of the leaked files.
The incident highlights ongoing cybersecurity concerns around critical infrastructure, but NPCIL has assured that no sensitive nuclear data has been compromised.