A ransomware group has allegedly leaked sensitive data linked to India’s Kudankulam Nuclear Power Plant, raising cybersecurity concerns. According to Reuters, the published files include facility maps, supplier information and project-related documents.
According to the foreign news agency Reuters, the leaked data allegedly includes maps of some parts of the facilities and details of suppliers, while the group of hackers has claimed that this information was obtained from the Reliance Group.
According to the news agency, the Kudankulam Nuclear Power Plant is located in the Indian state of Tamil Nadu and is the largest of India’s 7 nuclear plants, while it is a central part of Prime Minister Narendra Modi’s plan to increase nuclear energy capacity in the country.
The plant is owned by Indian businessman Anil Ambani’s Reliance Group, which said in a statement to Reuters that Reliance’s data had been partially compromised on a server run by data center service provider Utah and that the government had been informed of the incident, but Reliance did not say which data had been compromised.
Nicholas Roth, senior director of the Nuclear Threat Initiative, said the data leak could pose a serious threat to the plant’s security.
The leaked data allegedly includes some facility maps, supplier details, meeting and inspection records, equipment reviews and insurance policies.
According to the report, 19,000 of the 858,000 files leaked by Reliance appear to be the most sensitive, and are available on the World Leaks website.
Reliance Infrastructure, a subsidiary of the group, won the contract to design and build the infrastructure for Units 3 and 4 of the plant in 2018. Both units are still under construction and are expected to be operational by 2027, with a combined capacity of 2,000 megawatts.
According to the news agency, WorldLeaks is a ransomware group that has previously targeted Nike and the Tata Group. The group usually posts stolen data on its website if companies fail to pay ransom, which can only be accessed through a special browser.
In June, WorldLeaks told Reuters that it had demanded $1.5 million in ransom for Tata Group files, which included confidential designs for clients such as Apple and Tesla, and that the data was released on the website when the ransom demand was rejected.
The documents released on the WorldLeaks website do not appear to be related to the core systems of the nuclear reactors, but they do include maps of the ventilation and cooling systems of Units 3 and 4 and a control room.
The files also include supplier proposals, a list of approved suppliers and a record of a meeting on a joint inspection between Nuclear Power Corporation and Reliance in 2024, which also contains photos of equipment.
According to another document, Reliance Infrastructure and Nuclear Power Corporation have also obtained an insurance policy under which they can be compensated up to $ 112 million if Unit 3 or Unit 4 is the target of terrorism.
Experts say that if this data falls into the wrong hands, it can be used to map the plant’s support systems, identify suppliers and assess security vulnerabilities.
According to Nicholas Roth, this data not only shows who has access to the project but also shows which systems can be reached through that access.
According to cybersecurity company Surfshark, India is ranked third in the world in terms of data leaks.



