World

Data breach reportedly targets India’s Kudankulam nuclear power plant

Al Jazeera · 2026-07-16

AI SUMMARY

• What happened: A data breach involving India's Kudankulam nuclear power plant was reported, with ransomware group World Leaks posting sensitive files on the dark web, including blueprints and supplier details. • Why it matters: The breach raises concerns about the safety and security of India's largest nuclear facility, especially as it is central to the country's plans to expand atomic energy capacity. • What to watch next: The Indian Computer Emergency Response Team (CERT-In) is investigating the incident, and further developments regarding the breach's impact on nuclear security and the response from the Nuclear Power Corporation of India and Reliance Group are expected.

SaveSharefacebookxwhatsapp-strokecopylinkPolice patrol a beach near Kudankulam Nuclear Power Plant in the southern Indian state of Tamil Nadu [File: Adnan Abidi/Reuters]By ReutersPublished On 16 Jul 202616 Jul 2026A data breach has reportedly revealed files linked to India’s largest nuclear power plant, according to the Reuters news agency.Ransomware group World Leaks posted ⁠⁠on the dark web a huge cache of files related to Kudankulam Nuclear Power Plant, including purported blueprints of parts of its facilities and supplier details – information it labelled as coming from Reliance Group, said Reuters on Thursday.Recommended Stories list of 3 itemslist 1 of 3India’s ethanol rush prompts anger among vehicle owners, questions for gov’tlist 2 of 3Indian activist Wangchuk urged to end hunger strike over exam paper leakslist 3 of 3India summons Iranian diplomat over missile killing of seafarerend of listThe Nuclear Power Corporation of India later said the data breach did not reveal any sensitive information related to nuclear security.Kudankulam in the southern Indian state of Tamil Nadu is the largest of India’s seven nuclear plants, and central to Prime Minister Narendra Modi’s ambitious plans to ⁠⁠expand atomic energy capacity.Indian businessman Anil Ambani’s Reliance Group, one of the plant’s contractors, told Reuters that there had been a “partial breach” of its data on a server hosted by third-party Indian data centre service provider Yotta, and that the government has been informed.Reliance did not disclose what data had been breached.Nearly 19,000 files totalling 14.3 gigabytes that appear for the search term “KKNP” – an acronym for the nuclear plant – in the data have been online since June 11 , according to independent cybersecurity researcher Rakesh Krishnan, who first alerted Reuters to the leak.Reuters reviewed the documents, which were dated from 2016 to mid-2025, but could not verify their authenticity.In addition to some blueprints and supplier details, they purportedly show meeting and inspection records, equipment reviews and insurance policies.The 19,000 files appeared to be the most sensitive of 858,000 Reliance files on ‌‌the World Leaks website.One of the conglomerate’s subsidiaries, Reliance Infrastructure, won a contract in 2018 to design and build infrastructure for the plant’s Unit 3 and Unit 4. Both units, still under construction, are due to be operational by next year and are designed to provide a combined 2,000 megawatts of capacity.The data breach could pose a “serious” risk to the safety of the plant, Nickolas Roth told Reuters. He is a senior director at ⁠⁠the Nuclear Threat Initiative, which advises governments and benchmarks countries’ preparedness on nuclear security. The breach also underscores how hacks have become more common in India, where many companies are ill-equipped to deal with such threats.The Nuclear Power Corporation of India, which commissions and operates nuclear power plants, has been communicating with Reliance about the breach. India’s main cybersecurity agency – the Indian Computer Emergency Response Team (CERT-In) – is looking into the incident, a source familiar with the matter told Reuters. The ⁠⁠source declined to be identified due to the sensitivity of the issue.The Nuclear Power Corporation said in a statement that the information said to ⁠⁠be available in the public domain pertains only to common service facilities and does not relate to any nuclear safety or nuclear security-related systems.World Leaks, a well-known ransomware group that has previously targeted Nike and India’s Tata Group, did not respond to Reuters’ queries on the Reliance data breach. The group typically posts stolen corporate data on its website after companies decline to pay the ransom demanded. Its website can only be accessed with a specialised browser.Last month, World Leaks told Reuters it demanded $1.5 million in ransom for Tata Group files containing confidential component designs of clients Apple and Tesla, adding that it posted the data after Tata “ignored” its demand.

Source: Al Jazeera
RELATED NEWS

More Stories

All News
World

Ex-CEO of Italian motorway sentenced to 12 years for Genoa bridge collapse

• What happened: The former CEO of Italy's main highway operator, Giovanni Castellucci, was sentenced to 12 years in prison for vehicular homicide and negl...

World

US to impose new 25 percent tariffs on some Brazilian imports

• What happened: The United States announced it will impose 25 percent tariffs on various Brazilian imports, including sugar, apparel, paper, and steel, effecti...

World

Trump limits length of visas for students, exchange visitors, journalists

• What happened: The Trump administration announced new visa regulations limiting the duration of stay for foreign students, exchange visitors, and journalists,...

World

How can Argentina beat favourites Spain to win back-to-back World Cups?

• What happened: Argentina is set to face Spain in the FIFA World Cup 2026 final, aiming to become the third team to defend their title after winning in 2022. ...

World

Vance says Israeli campaign tried to sway US opinion against Iran diplomacy

• What happened: US Vice President JD Vance accused members of the Israeli government of attempting to sway US public opinion against a diplomatic deal with Ira...

World

JD Vance says Welsh castle was 'coolest thing I've ever seen'

• What happened: US Vice-President JD Vance expressed his admiration for Caernarfon Castle in Wales, calling it "the coolest thing I've ever seen"...