A ransomware group known as World Leaks has published a large cache of files on the dark web linked to the Kudankulam Nuclear Power Plant, the largest of the seven nuclear facilities of India, including purported blueprints, supplier records, and insurance documents attributed to Reliance Group.
The Kudankulam plant, located in Tamil Nadu, is central to the plans of Prime Minister Narendra Modi to expand the atomic energy capacity of the country. Reliance Group, a contractor for the plant, confirmed in a statement to Reuters that a partial breach had occurred on a server hosted by third-party data centre provider Yotta, and said the government had been informed. The company did not specify what data had been compromised.
Nickolas Roth, a senior director at the Nuclear Threat Initiative, said the breach could pose a serious risk to the safety of the plant. The incident highlights the growing frequency of cyberattacks in India, where many companies remain poorly prepared to counter such threats.
Reuters reviewed the leaked documents, dated between 2016 and mid-2025, though their authenticity could not be independently verified. The material reportedly includes blueprints, meeting and inspection records, equipment reviews, and insurance policies. Of the 858,000 Reliance files posted on the World Leaks website, around 19,000 were identified as the most sensitive.
A Reliance Infrastructure subsidiary secured a contract in 2018 to design and build infrastructure for Unit 3 and Unit 4 of the plant, both currently under construction and expected to become operational by 2027, adding a combined 2,000 megawatts of capacity.
World Leaks, which has previously targeted Nike and the Tata Group of India, did not respond to queries regarding the Reliance breach. The group typically publishes stolen data after ransom demands are refused, and its website is accessible only through a specialised browser. In June, the group had sought $1.5 million in ransom for Tata files containing component designs linked to Apple and Tesla, later releasing the data after the demand was ignored.
The Nuclear Power Corporation of India, which operates the nuclear facilities of the country, has been in communication with Reliance regarding the breach, while the Indian Computer Emergency Response Team is reviewing the incident, according to a source familiar with the matter who requested anonymity due to the sensitivity of the issue.
Yotta said it detected suspicious activity on a Reliance Infrastructure server on May 29, and that the activity was terminated before ransomware could be executed. Reliance Infrastructure later informed Yotta at the end of June that external actors had claimed to have breached its data. Yotta said it could not verify these claims but had shared its technical findings with Reliance Infrastructure and was supporting the ongoing investigation.
The Department of Atomic Energy of India declined to comment, and the office of Modi did not respond to queries.
The leaked documents do not appear to involve the core reactor systems, which are supplied by the Russian state-owned firm Rosatom. They reportedly include blueprints for the ventilation and cooling systems of Unit 3 and Unit 4, along with the floor layout of a common control room.
Also included were vendor proposals, a list of approved suppliers, and records of a 2024 joint inspection conducted by the Nuclear Power Corporation and Reliance, along with equipment photographs. One document indicated that an insurance policy had been arranged that would provide $112 million in compensation should either unit suffer an act of terrorism.
Researchers noted that such files, if accessed by malicious actors, could be used to map the support systems of the plant, identify its suppliers, and locate weaknesses in its security chain. Roth of the Nuclear Threat Initiative said such data could reveal not only who has access to a project but also which systems that access extends to.
India ranks third globally for data breaches, with 28.9 million accounts compromised last year, behind only the United States and France, according to cybersecurity firm Surfshark. A separate report by the Data Security Council of India and Seqrite found that most surveyed organisations in the country were unaware whether they had ever been targeted, while more than half lacked basic cyber hygiene practices.
This marks the second cyber incident linked to the Kudankulam plant. In 2019, malware associated with a North Korean hacking group was discovered on its administrative network, though the Nuclear Power Corporation said at the time that plant systems were unaffected.