Report Ads

Kudankulam Nuclear Plant Data Leak Exposes Thousands of Sensitive Files on Dark Web

Cybersecurity Systems
Stay Secure in a World of Growing Cyber Threats. [TechGolly]

Key Points:

  • Ransomware group World Leaks posted more than 19,000 sensitive files related to the Kudankulam Nuclear Power Plant on the dark web.
  • The documents, stolen from contractor Reliance Group, include blueprints of parts of the facilities, supplier details, and equipment reviews.
  • Reliance Group confirmed a partial data breach of its server hosted by third-party data center service provider Yotta.
  • Security experts warn that the exposed engineering and logistical files pose serious security and safety risks to India’s largest nuclear facility.

A major cybersecurity incident has compromised sensitive infrastructure data belonging to India’s largest nuclear power facility. The cybercriminal group World Leaks posted a massive cache of files on the dark web, containing thousands of documents linked directly to the Kudankulam Nuclear Power Plant in the southern state of Tamil Nadu. This Kudankulam Nuclear Plant Data Leak represents a major breach of critical infrastructure data, raising urgent questions about physical security and digital defense capabilities at the nation’s key energy installations.

The leaked materials comprise more than 19,000 sensitive files that focus heavily on the design, logistics, and operational structures of the facility. These documents belong to a much larger cache of approximately 858,000 corporate files stolen from a major contractor. The exposed records contain detailed engineering blueprints of facility components, supplier registries, equipment reviews, internal meeting minutes, and corporate insurance policies. These documents span a nearly ten-year timeframe, dating from 2016 through mid-2025, providing a comprehensive historical view of the plant’s internal logistics.

The contractor, Reliance Group, confirmed that a partial data breach occurred on a server hosted by third-party Indian data center service provider Yotta. While the corporate group did not publicly detail the exact files compromised, the company immediately notified government agencies and cyber defense departments about the security failure. The data center operator, Yotta, stated that its security teams first detected highly suspicious activity on a server belonging to Reliance Infrastructure on May 29. Security systems blocked the initial ransomware execution, but hackers had already successfully copied and extracted the vast archive of sensitive files.

The Kudankulam Nuclear Power Plant serves as a vital cornerstone of the country’s long-term energy strategy. As the largest of the nation’s seven active nuclear installations, the facility is central to ambitious plans to rapidly expand domestic atomic energy capacity. One of the contractor’s subsidiaries, Reliance Infrastructure, won a massive contract in 2018 to design and construct the essential facilities for Unit 3 and Unit 4. Both of these reactor units remain under active construction, with commercial operations scheduled to begin in 2027, eventually adding a combined 2,000 megawatts of electricity to the regional power grid.

The leak of extensive technical blueprints and logistics records introduces significant security and safety risks to the nuclear site. While the critical control and instrumentation systems of the plant remain physically isolated from the internet to prevent direct remote hacking, the exposed documents provide highly sensitive operational intelligence. Specialized nuclear security experts warn that malicious foreign actors or saboteurs could exploit these detailed blueprints and structural designs to identify physical vulnerabilities or coordinate targeted physical attacks on secondary systems that are vital to reactor cooling.

The exposure of supplier registries and equipment reviews also creates severe supply chain vulnerabilities. Having access to detailed records of which specific vendors supply critical parts, alongside historical maintenance logs, allows hostile intelligence agencies to plan highly sophisticated supply chain intrusions. Bad actors could inject compromised, counterfeit, or physically altered components into the plant’s active supply chain. By exploiting these supplier details, adversaries can bypass standard quality control checks, posing a long-term threat to the structural integrity of the facility.

The current data breach represents the most severe data security failure at the site since a highly publicized malware infection occurred several years ago. In September 2019, security specialists identified a ‘Dtrack’ malware infection on the plant’s administrative network. The attack, which cybersecurity experts subsequently linked to the state-sponsored North Korean hacker group Lazarus, focused on information gathering and vulnerability scanning. While that initial intrusion was restricted to the administrative network and did not affect critical reactor control systems, it demonstrated the persistent interest that hostile foreign groups maintain in the facility’s operations.

The massive data theft highlights a wider, systemic vulnerability within the national digital economy. Over the past several years, cyberattacks and ransomware incidents have increased dramatically across the country, targeting critical utilities, government departments, and multinational corporations. Many private contractors and third-party data center operators remain poorly equipped to handle highly sophisticated, state-sponsored cyber espionage campaigns, creating a weak link in the defensive architecture of critical national infrastructure.

This latest breach will likely trigger sweeping regulatory reforms to protect national infrastructure assets from future digital leaks. To prevent third-party vulnerabilities, central cybersecurity agencies are pushing for more rigorous audit standards and stricter oversight of private contractors. Experts advocate for the mandatory hardening of all administrative intranet systems, absolute restrictions on removable media, and the continuous monitoring of network endpoints to ensure that contractor-level security failures do not compromise the integrity of critical national energy networks.

The exposure of thousands of sensitive files from the nation’s largest nuclear power plant marks a critical warning for the global energy sector. While the core control systems of the Kudankulam facility remain safe from direct cyber attacks, the leakage of engineering blueprints and logistical data proves that securing a nuclear plant requires protecting its entire supply chain. As construction teams work toward the 2027 completion of the new reactor units, the government and its contractors must fundamentally reform their cybersecurity standards to guarantee that critical national infrastructure remains completely secure.

Newsroom
Newsroom
Al Mahmud Al Mamun leads the TechGolly Newsroom team. He served as Editor-in-Chief of a world-leading professional research Magazine. Rasel Hossain is supporting as Managing Editor. Our team is intercorporate with technologists, researchers, and technology writers. We have substantial expertise in Information Technology (IT), Artificial Intelligence (AI), and Embedded Technology.