Nearly 19,000 files linked to India’s Kudankulam Nuclear Power Plant have appeared on the dark web following an alleged data theft by the ransomware group World Leaks. The disclosure has raised concern because the material is said to include partial facility blueprints and component supplier data.
Nuclear Power Corporation of India (NPCIL), the plant operator, said nuclear safety and security systems were not affected. It stated that publicly available information was unrelated to the plant’s nuclear safety or nuclear security systems.
What the Leaked Archive Is Said to Contain
The archive uploaded by World Leaks was reported to be about 14.3 gigabytes in size. CNBC Indonesia, citing Russia Today, said the files appeared on the dark web on Wednesday, although their authenticity has not been independently verified.
| Category | Reported Detail |
|---|---|
| Number of files | Nearly 19,000 |
| Archive size | About 14.3 gigabytes |
| Claimed contents | Partial facility blueprints and supplier data |
| Systems said to be unaffected | Nuclear safety and security systems |
NPCIL said the data concerned conventional sections of the facility, which are also common at thermal power plants. The operator used that distinction to maintain that reactor operations and reactor security had not been disrupted.
The incident nevertheless places attention on the exposure of internal documents connected to a major nuclear project. Nickolas Roth, senior director at the Nuclear Threat Initiative, warned that such data exposure could create serious risks for plant safety.
Possible Route Through an External Server
The suspected initial route of the breach involves digital systems used by Reliance Group, a company owned by Anil Ambani. Reliance Group has held a contract since 2018 for support systems outside the main nuclear facility.
The company acknowledged a data breach involving an external server. In a statement to Reuters, a company representative said, “There was a partial breach of our data on a server hosted by a third-party Indian data center service provider, Yotta.”
Reliance Group said it had reported the incident to the national cybersecurity agency. Yotta, meanwhile, said it had detected suspicious ransomware execution activity from May 29 and took preventive measures.
World Leaks’ Disclosure Pattern
World Leaks is known for publishing corporate data when targets do not meet ransom demands. In June, the same group was reported to have posted Tata Group files containing confidential client designs, including those of Apple and Tesla.
The Tata Group material appeared after the conglomerate was said to have ignored a US$1.5 million ransom demand. That pattern has increased scrutiny of the Kudankulam-related files, even though the validity of all the documents remains unconfirmed.
A Major Nuclear Project in Tamil Nadu
Kudankulam is located in Tamil Nadu and was built through cooperation between the Indian government and Rosatom, Russia’s state nuclear company. When fully completed, the project is planned to operate six pressurized water reactors.
Two reactors with capacities of 1,000 MW each are currently supplying electricity. The facility was also linked to a previous cyber incident in 2019, when malware said to be connected to a North Korean hacking group was found in its administrative network.
