Thousands of Files Allegedly Linked to India's Largest Nuclear Plant Leak Online; CERT-In and NPCIL Launch Investigation
NEW DELHI, July 15 — A ransomware group has published a large batch of files it says were stolen from a contractor working on India's largest nuclear power station, prompting an investigation by federal cybersecurity and atomic energy authorities. So far, there is no indication that the reactors' own control systems were touched.
The group, which calls itself World Leaks, posted more than 19,000 files — roughly 14.3 GB of data — to the dark web, according to a Reuters investigation. The files are described as the most sensitive slice of a far larger haul of about 858,000 documents the group claims to have taken from Reliance Group, whose infrastructure arm is building two new reactor units at the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu. Reuters said it examined some of the material but could not independently confirm that every file was genuine; the documents are reportedly dated anywhere from 2016 to mid-2025.
What has surfaced so far looks like engineering and project paperwork rather than reactor design work: drawings and layouts for cooling and ventilation systems, supplier and contractor lists, insurance files, and internal meeting and inspection notes, most of it tied to Units 3 and 4, which are still under construction. Analysts say that kind of material, while not reactor-critical, can still help a hostile actor map a facility's physical layout and support infrastructure, or work out who has access to what.
Reliance Group, controlled by businessman Anil Ambani, confirmed to Reuters that it had suffered a "partial" breach of data held on a server run by Indian data-centre firm Yotta, and said it had notified the government. It has not disclosed publicly what was taken. Yotta, for its part, said it picked up suspicious activity on the server in late May and moved to contain it at the time; Reliance's infrastructure subsidiary — which won the Units 3 and 4 contract in 2018 — later told Yotta that outside actors were claiming to have breached the data. Yotta says it cannot independently verify those claims either, but has shared its technical findings with Reliance and is cooperating with the ongoing inquiry.
Nickolas Roth, a senior director at the Nuclear Threat Initiative, told Reuters that if the documents are genuine, the breach could pose a "serious" risk, since detailed access and infrastructure records can help outsiders spot weaknesses even when the reactor itself stays out of reach.
That's the detail officials keep coming back to: Kudankulam's reactor control systems, built by Russia's state-owned Rosatom, run on networks that are physically separate from the administrative and contractor systems this breach appears to have hit. Nothing disclosed publicly so far points to any effect on power generation or reactor safety.
The Nuclear Power Corporation of India Limited (NPCIL) and the Indian Computer Emergency Response Team (CERT-In) are now working to establish whether the files are authentic, how the attackers got in, and whether anything classified made it into the leak.
Kudankulam sits in Tamil Nadu's Tirunelveli district and is central to India's plan to expand nuclear generation capacity. Units 1 and 2 are already feeding the grid; Units 3 and 4 are under construction and expected online around 2027; two further units are in earlier stages of planning. It isn't the plant's first brush with cyber trouble — in 2019, malware linked to a North Korean hacking group turned up on an internet-facing administrative network there, though officials said at the time that operational systems were never at risk.
World Leaks has struck before, having previously claimed breaches at companies including Nike and Tata Group while demanding ransom payments to avoid publishing stolen files. Security researchers say attacks on contractors and third-party vendors — often less well defended than the facilities they serve — have become one of the more common routes into sensitive Indian infrastructure, a pattern this incident appears to fit.
For now, officials have not confirmed that any classified nuclear information was exposed, and the investigation into both the leak's authenticity and its origin continues.
At a glance
- World Leaks posted 19,000+ files on the dark web, part of an alleged 858,000-file cache from Reliance Group
- Reliance has confirmed a "partial" breach on a server hosted by Yotta; authorities have been notified
- No evidence the plant's Rosatom-built reactor control systems were affected
- NPCIL and CERT-In are investigating; the files' authenticity has not been independently confirmed
Latest News
- EU Deepens Ukraine Defence Partnership Amid Russian Threat
- Has India's Diplomatic Momentum Slowed? Pakistan's Iran Deal Role Raises Questions
- DuckDuckGo 'No AI' Traffic Triples After Google I/O
- Twin Earthquakes Strike Venezuela, Killing 32 and Injuring Around 700
- US Waives Iran Sanctions 60 Days; Trump Warns on Compliance
- UK PM Keir Starmer Resigns, Andy Burnham Set to Replace
- Nobel Laureate John Jumper Leaves DeepMind for Anthropic
- UAE Bans Social Media for Under-15s in New Child Safety Law
- India Blocks Telegram Until June 22 Amid NEET-UG 2026 Re-Exam Fraud Fears
- Trump Says US-Iran Deal Near; Tehran Urges Caution