
A ransomware group has claimed responsibility for leaking sensitive data linked to India’s largest nuclear power plant, Kudankulam, on the dark web. The leaked files reportedly include facility layouts, supplier details, and internal project documents. Security experts warn the breach could pose serious risks to critical infrastructure and national security if the information is misused.
According to Reuters, the World Leaks ransomware group claimed the data was obtained from Reliance Group, which is involved in the project. Reliance confirmed that its data stored on servers operated by data center provider Yotta experienced a partial security breach. The company said Indian authorities had been informed but did not specify what information was compromised or confirm the authenticity of the leaked files.
Read more: Afghan hackers breach Indian media in cyberattack
Kudankulam Nuclear Power Plant, located in the southern state of Tamil Nadu, is India’s largest nuclear facility and a key part of Prime Minister Narendra Modi’s strategy to expand nuclear energy production. Reliance Infrastructure secured the contract in 2018 to design and build infrastructure for Units 3 and 4. The two reactors remain under construction and are expected to become operational by 2027, adding a combined 2,000 megawatts of electricity to the national grid.
Reports indicate that nearly 19,000 highly sensitive files were identified among more than 858,000 leaked documents. The files reportedly include ventilation and cooling system layouts, control room diagrams, supplier lists, inspection records, equipment reviews, and insurance documents. One document revealed insurance coverage of up to $112 million in the event Units 3 or 4 suffer damage from a terrorist attack.
Read more: Indian media giant breached by Afghan hackers
Cybersecurity experts said the leaked information does not appear to expose core reactor systems but could still help attackers identify suppliers, map support infrastructure, and exploit potential security weaknesses. World Leaks has previously targeted companies including Nike and Tata Group, allegedly publishing stolen data after ransom demands were rejected. According to cybersecurity firm Surfshark, India ranks third globally for data leak incidents, highlighting growing concerns over cyber threats targeting critical infrastructure.