World

Files tied to Kudankulam nuclear plant appear in ransomware leak

Reliance Group says a third-party-hosted server was partly breached, while India’s nuclear operator says nuclear security data was not exposed.

Lucas Ferreira

By Lucas Ferreira · Science & Environment Writer

3 min read

Files tied to Kudankulam nuclear plant appear in ransomware leak
Photo: Al Jazeera

A ransomware group has posted thousands of files that Reuters reported are linked to India’s Kudankulam Nuclear Power Plant. The leak has drawn scrutiny because Kudankulam is India’s largest nuclear plant and a major part of the country’s atomic energy expansion plans.

Reuters reported Thursday that the group World Leaks placed a large set of documents on the dark web and marked the material as Reliance Group data. The files included purported facility blueprints and supplier information tied to Kudankulam, according to Reuters.

The Nuclear Power Corporation of India said the publicly available material did not include sensitive information connected to nuclear safety or nuclear security systems. The state-run company, which commissions and operates nuclear power plants, said the material related only to common service facilities.

Reliance Group, led by Indian businessman Anil Ambani, told Reuters that some of its data had been breached on a server hosted by Yotta, an Indian third-party data centre services provider. Reliance said it had informed the government, but did not specify what information was affected.

Independent cybersecurity researcher Rakesh Krishnan, who alerted Reuters to the material, said nearly 19,000 files totaling 14.3 gigabytes appeared in searches for “KKNP,” an acronym for Kudankulam Nuclear Power Plant. Krishnan said the files had been online since June 11.

Reuters said it examined documents dated from 2016 to mid-2025, but could not confirm whether they were genuine. The files purportedly included meeting and inspection records, equipment reviews, insurance policies, blueprints and supplier details, according to Reuters.

Reuters reported that the 19,000 Kudankulam-related files appeared to be the most sensitive subset among 858,000 Reliance files listed on the World Leaks website. The ransomware group did not respond to Reuters’ questions about the Reliance breach.

Kudankulam, in the southern Indian state of Tamil Nadu, is the largest of India’s seven nuclear power plants, according to Reuters. The plant is also tied to Prime Minister Narendra Modi’s push to increase India’s nuclear power capacity.

Reliance Infrastructure, a Reliance Group subsidiary, won a 2018 contract to design and build infrastructure for Kudankulam’s Unit 3 and Unit 4, Reuters reported. Those two units remain under construction and are expected to begin operations by next year, with a planned combined capacity of 2,000 megawatts.

Nickolas Roth, a senior director at the Nuclear Threat Initiative, told Reuters the breach could create a serious safety risk for the plant. The organisation advises governments and assesses nuclear security preparedness.

A person familiar with the matter told Reuters that the Nuclear Power Corporation of India has been in contact with Reliance about the incident. The person also said the Indian Computer Emergency Response Team, known as CERT-In, is examining the case; Reuters said the person requested anonymity because of the sensitivity of the issue.

Reuters described World Leaks as a known ransomware group that has targeted companies including Nike and India’s Tata Group. Reuters reported last month that World Leaks said it had demanded $1.5 million for Tata files containing confidential component designs for Apple and Tesla clients, and published the data after Tata ignored the demand.

This story draws on original reporting from Al Jazeera.