Reliance breach exposes Kudankulam nuclear plant files
A ransomware attack on Reliance Infrastructure has exposed blueprints and supplier details for India's largest nuclear power plant, underscoring the systemic cyber risks plaguing the country's critical infrastructure sector.
Ransomware group World Leaks has published 19,000 files on the dark web related to the Kudankulam Nuclear Power Plant in Tamil Nadu. The leaked cache represents the most sensitive portion of a total 858,000 Reliance files on the site and is dated from 2016 to mid-2025. It purportedly includes blueprints for cooling and ventilation systems, floor layouts, and supplier records.
Reliance Group confirmed a "partial breach" of its data, stating the compromised information was housed on a server operated by third-party provider Yotta. Reliance Infrastructure, a subsidiary of the conglomerate, won a 2018 contract to build infrastructure for Kudankulam's Units 3 and 4. These reactors are central to Prime Minister Narendra Modi's atomic energy strategy and are slated to add 2,000 megawatts of capacity by 2027.
The exposure of detailed vendor lists and joint inspection records threatens the integrity of that supply chain. For Reliance Infrastructure and its partners, the leak creates potential liability issues and raises the prospect of costly security retrofits to address compromised physical layouts.
Among the exposed documents is a purported insurance policy entitling Reliance Infrastructure and the state-run Nuclear Power Corporation of India to $112 million in the event of a terrorist attack on either new unit. While the stolen files do not include the core reactor systems supplied by Russia's Rosatom, security experts warn the operational details pose a severe risk. "They could show an adversary not just who has access to the project but which systems that access reaches," said Nickolas Roth, a senior director at the Nuclear Threat Initiative.
The breach highlights the systemic cyber vulnerabilities within India's rapidly expanding infrastructure sector. The country ranks third globally for data breaches, with 28.9 million accounts compromised last year, according to cybersecurity firm Surfshark. A recent survey by the Data Security Council of India found that 73% of organisations were unaware if they had ever been attacked, while 57% lacked basic cyber hygiene. For institutional investors, the reliance on contractors with inadequate digital defences and third-party data hosts represents a material, unpriced risk to major capital projects.
Yotta detected suspicious activity on the Reliance server on May 29 and stated it prevented ransomware execution, though Reliance only informed the provider of the breach claims in late June. India's main cybersecurity agency, CERT-In, is now investigating alongside the Nuclear Power Corporation. World Leaks, which recently posted Tata Group files after an ignored $1.5 million ransom demand, has a clear track record of targeting large Indian conglomerates. It marks the second cyber incident at Kudankulam, following the discovery of North Korean-linked malware on its administrative network in 2019.