

Key Points
Ransomware group World Leaks posted a large dataset including blueprints, supplier lists, and correspondence tied to Reliance Infrastructure's work at Kudankulam Nuclear Plant.
NPCIL and the Union Minister of State for Atomic Energy confirmed the leak involves only Balance of Plant (non-nuclear) infrastructure, not reactor core systems.
This follows a 2019 malware attack attributed to a North Korean hacking group, marking Kudankulam's second known cybersecurity incident.
THE KUDANKULAM NUCLEAR POWER PLANT situated in the southern state of Tamil Nadu is India’s largest nuclear energy generator plant. The establishment is the cornerstone of the nation’s long-term plan of energy sustenance and produces electricity for the southern power grid. In 2018, Reliance Infrastructure Ltd., a subsidiary of Ambani’s Reliance Group, was given the Engineering, Procurement and Construction (EPC) contract for the plant’s non-nuclear common service facilities, known as Balance of Plant (BoP). Recently, a ransomware group known as World Leaks has posted a huge cache of the power plant’s data on the dark web, which purportedly contains details of blueprints of the power plant and supplier’s details among other information. The ransomware group labeled that the source of the data — Reliance Group.
When the term KNPP, an acronym for the Kudankulam Nuclear Power Plant, is searched in the leaked dataset, hundreds of internal documents including inspection records, engineering design files for various plant facilities, minutes of meetings, and correspondence between Reliance Infrastructure and the Nuclear Power Corporation of India Ltd (NPCIL) on project execution and construction-related matters pops up. These documents amount to 19,000 files in total, totaling 14.4 gigabytes (GB). The entire leaked dataset, however, is around 1.2 terabytes in total.
The authenticity of the data remains unverified as of yet.
Reliance was given a contract to design and build infrastructure for the Kudankulam nuclear power plant's power generating Unit 3 and Unit 4. The company is in charge of developing non-nuclear infrastructure assets for the units, such as water supply systems, pumping stations, roads, and structural drainage.
News agency Reuters reviewed the leaked dataset, and stated that no data relating to the nuclear reactors' core system were found. However, schematics of ventilation systems for power generating units number 3 & 4, parts of which are currently being developed by Reliance, were found. A floor layout plan of a “common control unit” was also found.
See also: UK Data Leak Spurs Costly Afghan Resettlement And Security Fears
Other documents that were found were vendor proposals, a list of approved suppliers, and a record of a 2024 meeting about a joint inspection by the Nuclear Power Corporation and Reliance, with attached photos of the equipment. An insurance policy document between Reliance and NPCIL was also found, which detailed that a payment of $112 million will be given to both the parties if either Unit 3 or Unit 4 were to suffer an act of terrorism.
A spokesperson for the Reliance group confirmed that a “data minor leak” has happened in one of its data servers, which is hosted via third-party service provider Yotta. The spokesperson further said that the government has been made aware of the data leak.
In a statement given to Reuters, Yotta remarked that it did notice some suspicious activities on the data server it hosts that belongs to Reliance Infrastructure on May 29, 2026. The service provider said that the suspicious activity was immediately suspended, and an alleged ransomware attack was prevented.
See also: BharatPe Data Breach: Company refutes Ashneer Grover's data breach claim
Nuclear Power Corporation of India Limited (NPCIL), operator of the Kudankulam plant, had clarified that the leaked data is not sensitive in nature and poses no immediate threat. The leaked data is only related to the Balance of Plant common service facilities, the firm continued, and does not pertain to any nuclear safety or security systems. A senior official at the NPCIL revealed that the corporation is not yet proceeding with the filing of a FIR as of yet, as the data leak is linked to Reliance and not to the power plant or the operator itself.
Additionally, Union Minister of State for Atomic Energy Jitendra Singh had refuted claims the data leak is sensitive in matter, and asserted that there had been no leak of nuclear safety or security-related data. “There’s no need for any immediate review because what has happened is not linked to nuclear activity,” Singh stated to The Hindu.
The NPCIL is in communication with Reliance and Indian Computer Emergency Response Team (CERT-In) — the country’s premier cyber security agency — to address this issue.
World Leaks is a well-known ransomware group which has engaged in similar data leaks before. The group steals data from corporations and demands a ransom, and publishes the data on its website if the demanded amount isn't paid. Previously, World Leaks had targeted shoe manufacturer Nike, and India’s Tata group.
This marks the second time the Kudankulam nuclear power plant had become the target of a cyber attack, after a North Korean group staged a malware attack at the plant in 2019.
(Edited by Ritik Singh)
What is the Kudankulam Nuclear Power Plant?
The Kudankulam Nuclear Power Plant is India’s largest nuclear-power generating plant. It is situated in Kudankulam region in the Tirunelveli district of the southern state of Tamil Nadu.
How is Reliance connected to the Kudankulam Nuclear Power Plant?
In 2018, Reliance Group’s subsidiary Reliable Infrastructure Ltd. was given a contract by the Kudankulam Nuclear Power Plant to develop ‘Balance of Plant’ infrastructure for its power generating Unit 3 and Unit 4. It includes developing non-nuclear assets such as water supply systems, pumping stations, roads, and structural drainage.
What is the data leak related to the Kudankulam Nuclear Power Plant?
A ransomware group by the name of World Leaks posted 1.2 terabytes worth of data, which it gathered from Reliance, on the dark web. A huge portion of the dataset contains information from Kudankulam Nuclear Power Plant's blueprint and supplier details. Officials say that the leaked data is not sensitive and poses no risk as of yet.
Suggested reading:
Subscribe to our channels on YouTube and WhatsApp
Download our app on Play Store