Files linked to the Kudankulam Nuclear Power Project were reportedly exposed in a data breach, raising concerns over cybersecurity preparedness for India’s critical energy infrastructure.
Files related to India’s largest nuclear power facility, the Kudankulam Nuclear Power Plant (KKNPP), have reportedly been exposed in a data breach, raising concerns over cybersecurity risks for critical infrastructure. The leaked information was allegedly published online by ransomware group World Leaks, which claimed to have released documents linked to the project.
The leaked data reportedly includes documents such as design-related files, supplier details, equipment review records, meeting documents, and insurance-related papers. The documents reviewed in reports were said to cover a period from 2016 to mid-2025, although their authenticity is still being examined.
The breach is linked with the data of Reliance Infrastructure, a construction company that will be handling construction of the coming units of the Kudankulam project Units 3 and 4. According to the reports, the company notified the authorities following the allegations of a data breach, where a server from a third-party data center was hacked.
According to reports, the exposed files do not include information about the reactors themselves, which are being delivered by Russian state-owned nuclear power technology company. However, cybersecurity specialists have noted that there might be risks associated with the data on infrastructure, suppliers, and layout of the facilities.
The documents allegedly include details related to ventilation and cooling system, the floor plans of some of the regions, vendors’ information, approved vendors, inspection documents, and project documents. According to the experts, such information would give the attackers information regarding certain aspects of the network infrastructure and any vulnerabilities present.
Reliance Infrastructure said that there was a partial compromise of one of its servers hosted by a third-party service provider. The company also informed that it has communicated this issue to the concerned government authorities.
The incident has raised questions regarding cybersecurity readiness in projects of critical infrastructures, especially those pertaining to nuclear energy, power plants, and national security. With an increasing integration of digital systems into industrial applications, it has been emphasized that more emphasis needs to be laid on cyber defence, audit, and data protection.
This is not the first time that a cybersecurity-related event has occurred at Kudankulam nuclear plant. In 2019, malware was found in its administrative system. It had been made clear by the authorities that the network, which was under attack, did not have any link to the plant’s operational control systems.
The latest breach highlights the growing need for stronger cybersecurity frameworks across India’s critical energy infrastructure as the country expands its nuclear power capacity.
The Kudankulam Nuclear Power Project is also linked to the government’s overall plan of expansion of nuclear energy capacities under Prime Minister Narendra Modi. The Centre has been working on developing nuclear energy capacities in order to ensure energy security for the country, to decrease its dependence on the import of fossil fuels, and to transition into renewable energy sources in the long run.
The Kudankulam Nuclear Power Project has been one of the most important parts of India’s nuclear power projects and the increase in capacity is in accordance with the government’s goal of expansion of nuclear energy capacities.
The reported data breach involving files related to the project has therefore raised concerns not only for the companies involved but also for India’s critical energy infrastructure, which remains a priority area under the government’s energy security agenda.
What's Your Reaction?
