India’s largest nuclear plant hit by data breach, security concerns mount
New Delhi: India’s cyber security has come under renewed scrutiny after sensitive information related to the country’s largest nuclear power plant was exposed on the dark web.
According to Kashmir Media Service, the Kudankulam Nuclear Power Plant, located in Tamil Nadu state, is the largest of India’s seven operational nuclear plants.
The Rransomware group World Leaks has claimed responsibility for obtaining a large cache of files related to the facility and releasing some of them online.
As per foreign media reports, the leaked material includes blueprints of parts of the plant’s facilities and supplier details, meeting and inspection records, equipment review documents and insurance policies. The group claimed the data orginated from Reliance Group, one of the project’s contractors.
Reliance Group, headed by Indian businessman Anil Ambani, confirmed that a “partial breach” had occurred on a server hosted by third-party Indian data centre service provider Yotta. In a statement to Reuters, the company said the government had been informed of the incident but did not disclose the nature or extent of the compromised data.
Yotta said it detected suspicious activity in May and immediately implemented security measures. Following claims of the data leak, the company launched an investigation and is cooperating with the relevant authorities.
Cybersecurity experts warned that the breach could pose serious security risks. Nickolas Roth, Senior Director at the Nuclear Threat Initiative, said the leaked information could endanger the safety of the plant. The breach also underscores how hacks have become more common in India, where many companies are ill-equipped to deal with such threats.
Reports said the leaked documents do not appear to involve the nuclear reactors’ core systems, which are supplied by Russia’s state-owned Rosatom. However, they reportedly include blueprints of the ventilation and cooling systems for Units 3 and 4, as well as what appears to be the complete floor layout of a common control room.
According to Reuters, researchers warned that such information could enable malicious actors to map the plant’s support infrastructure, identify suppliers and detect potential weaknesses in its security chain. Roth said the documents could reveal “not just who has access to the project but which systems that access reaches.”
The incident has also highlighted India’s growing cybersecurity challenges. According to cybersecurity firm Surfshark, India ranked third globally in data breaches last year, with 28.9 million user accounts compromised, behind only the United States and France.
A report published last year by the Data Security Council of India and cybersecurity firm Seqrite found that 73 percent of 204 surveyed organisations were unaware whether they had ever been targeted by cyberattacks, while 57 percent lacked basic cyber hygiene practices.
This is the second known cyber incident involving the Kudankulam Nuclear Power Plant. In 2019, malware linked to a North Korean hacking group was detected on the plant’s administrative network. At the time, the Nuclear Power Corporation of India said the incident was investigated promptly and that the plant’s operational systems remained unaffected.








