Major Data Breach at India's Largest Nuclear Plant Exposed by Ransomware Group
Major Data Breach at India's Largest Nuclear Plant Exposed by Ransomware Group
Jul 15, 2026, 15:47 IST
Ransomware Group Exposes Sensitive Nuclear Plant Files
A ransomware collective known as 'World Leaks' has released a significant cache of documents related to India's largest nuclear facility on the dark web. This collection reportedly includes blueprints of certain plant sections and supplier information, which the group claims originated from Anil Ambani's Reliance Group. The Kudankulam Nuclear Power Plant, located in Tamil Nadu, is the largest among India's seven nuclear plants and plays a crucial role in Prime Minister Narendra Modi's ambitious plans to enhance the country's nuclear energy capacity. In a statement to a news media outlet, Reliance Group acknowledged a "partial breach" of their data hosted on servers managed by the third-party Indian data center provider, Yotta, and confirmed that the government has been informed about the incident.
Concerns Over Security Risks
Reliance did not specify which data was compromised. Nicholas Roth, a senior director at the Nuclear Threat Initiative, indicated that such a breach poses a "serious" risk to the plant's security. This organization advises governments and assesses countries' preparedness regarding nuclear safety. The incident highlights the prevalence of hacking in India, where many companies lack the necessary resources or preparedness to counter such threats. A review of documents by a news media outlet, dated from 2016 to 2025, could not verify their authenticity. Besides blueprints and supplier details, the documents allegedly contain records of meetings and inspections, equipment reviews, and insurance policy information.
Sensitive Files Among Thousands Released
Among the 858,000 files released by World Leaks, approximately 19,000 appeared to be particularly sensitive. A subsidiary of the group, 'Reliance Infrastructure,' was awarded a contract in 2018 to design and construct infrastructure for Units 3 and 4 of the plant, which are currently under construction and expected to be operational by 2027, generating a total of 2,000 megawatts of electricity. World Leaks is a well-known ransomware group that has previously targeted companies like Nike and Tata Group. The group did not respond to inquiries from a news media outlet regarding the Reliance data breach. Typically, they publish stolen corporate data on their website when companies refuse to pay the demanded ransom. Access to their website is restricted to a specific browser. In June, World Leaks informed a news media outlet that they had demanded a ransom of $1.5 million for files belonging to Tata Group that contained confidential component designs for clients Apple and Tesla, which were posted after Tata ignored their request.
Suspicious Activity Detected in May
According to a source familiar with the situation, the Nuclear Power Corporation of India, which operates the country's nuclear power plants, is in discussions with Reliance regarding the breach, while India's primary cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), is investigating the incident. Due to the sensitive nature of the case, the source requested anonymity. Rajesh Veeraraghavan, chairman of the Nuclear Power Corporation, and CERT-In have not responded to repeated requests for comments from the government’s main press office. Yotta stated that it detected suspicious activity on a hosted server belonging to Reliance Infrastructure on May 29. They reported that the activity was promptly halted, preventing a potential ransomware attack, but Reliance Infrastructure later informed them at the end of June that there had been claims of data breaches by "external threat actors."