Kudankulam Nuclear Plant Data Breach Explained: Why India’s Biggest Atomic Project Faces a New Cybersecurity Challenge

India’s largest nuclear power project, Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, has come under the spotlight after a ransomware group allegedly leaked thousands of files linked to the project. While there is no evidence that the plant’s nuclear reactor control systems were compromised, the incident highlights the growing cybersecurity risks facing critical infrastructure.

The breach is currently under investigation by Indian authorities, including CERT-In, after contractor Reliance Infrastructure confirmed a partial data breach involving one of its servers.

What Happened?

According to Reuters, the ransomware group World Leaks uploaded nearly 19,000 files—part of a larger cache of around 858,000 files allegedly stolen from Reliance Infrastructure.

The leaked documents reportedly include:

  • Blueprints of ventilation and cooling systems
  • Layouts of a common control room
  • Supplier and vendor information
  • Equipment inspection records
  • Insurance documents
  • Meeting and project reports (2016–2025)

Reuters reviewed portions of the documents but noted that their authenticity has not been independently verified.

Was the Nuclear Reactor Hacked?

No evidence currently suggests that the reactor’s operational or safety systems were breached.

The alleged documents relate primarily to Units 3 and 4, which remain under construction and are expected to become operational by 2027, adding 2,000 MW of generating capacity.

Importantly, the reactor’s core nuclear systems are supplied by Russia’s Rosatom and appear unrelated to the leaked files.

Why Is the Leak Serious?

Cybersecurity experts warn that even if operational systems remain secure, project documents can provide valuable intelligence to malicious actors.

Leaked engineering drawings, contractor details, supplier lists, and facility layouts could potentially help attackers:

  • Map support infrastructure
  • Identify supply-chain vulnerabilities
  • Target contractors
  • Plan future cyber or physical attacks

Experts describe such information as “reconnaissance intelligence” that may aid sophisticated threat actors.

What Have the Companies Said?

Reliance Infrastructure acknowledged a partial breach on servers hosted by Yotta Data Services, stating that the matter has been reported to the government.

Yotta said it detected suspicious activity on May 29, blocked an attempted ransomware execution, and later learned that external threat actors claimed to possess stolen data. The company says it continues to support the ongoing investigation.

Meanwhile, CERT-In and the Nuclear Power Corporation of India Limited (NPCIL) are examining the incident.

A Repeat Warning

This is not the first cyber incident associated with Kudankulam.

In 2019, malware linked to the North Korean Lazarus Group was detected on the plant’s administrative network. At that time, NPCIL clarified that the operational control systems remained isolated and unaffected, emphasizing that India’s nuclear facilities use air-gapped security architecture for critical operations.

The latest incident reinforces the importance of protecting not only operational technology (OT) but also contractors, vendors, cloud infrastructure, and document management systems.

India’s Growing Cybersecurity Challenge

The breach comes as cyberattacks against critical infrastructure continue to rise.

According to Surfshark, India ranked third globally in data breaches last year, with 28.9 million accounts compromised. Another study by the Data Security Council of India (DSCI) and Seqrite found that 73% of organizations were unaware if they had ever suffered a cyberattack, while 57% lacked adequate cyber hygiene practices.

These figures suggest that supply-chain cybersecurity remains one of India’s biggest digital security challenges.

Why It Matters

As India rapidly expands nuclear power to meet rising electricity demand and achieve its clean-energy goals, cybersecurity has become just as important as physical security.

Although investigators have not confirmed that sensitive reactor systems were compromised, the Kudankulam incident demonstrates how contractors and third-party vendors can become weak links in critical infrastructure security. In today’s digital age, safeguarding a nuclear facility requires protecting not only the reactor itself but also the vast ecosystem of engineering firms, suppliers, cloud providers, and project documentation that supports it.

Reference: Reuters, BS