Experts warn leaked files could aid hostile actors; reactor systems not affected

Dubai: Thousands of documents allegedly linked to India’s largest nuclear power project have been published on the dark web, prompting cybersecurity concerns and an official investigation into what experts say could pose a significant security risk.
The leaked files are said to relate to the Kudankulam Nuclear Power Plant in Tamil Nadu, India’s biggest nuclear power station, where two additional reactors are under construction.
According to a Reuters investigation, ransomware group World Leaks claims to have released more than 19,000 files from a much larger cache of about 858,000 documents allegedly stolen from the Reliance Group, one of the project’s contractors.
According to Reuters, the documents reportedly include:
Ventilation and cooling system drawings
Control room floor plans
Equipment inspection reports
Supplier and vendor lists
Insurance documents
Internal meeting records
Not reportedly leaked:
Reactor core designs
Critical nuclear technology supplied by Rosatom
Reliance Group confirmed to Reuters that a partial data breach had occurred on a server hosted by third-party data centre provider Yotta and said the government had been informed. However, the company did not disclose what information had been compromised.
Reuters said it reviewed the leaked documents, although it could not independently verify their authenticity.
The files reportedly include engineering drawings for ventilation and cooling systems, floor plans of a common control room, equipment inspection reports, supplier lists, vendor proposals, insurance documents and internal meeting records.
Most of the material relates to Units 3 and 4 of the Kudankulam project, which are under construction and are expected to begin operations by 2027.
The leaked documents do not appear to contain designs for the nuclear reactor core or other critical reactor technologies supplied by Russia’s state-owned Rosatom.
Cybersecurity and nuclear security experts nevertheless warned that the exposed information could still prove valuable to hostile actors.
Nickolas Roth, Senior Director at the Nuclear Threat Initiative, told Reuters the breach could pose a “serious” risk because the documents may reveal who has access to sensitive systems and how supporting infrastructure is organised.
Even if reactor operations remain secure, experts say attackers could exploit vulnerabilities in associated infrastructure, contractors or supply chains.
India’s Computer Emergency Response Team (CERT-In) and the Nuclear Power Corporation of India are investigating the incident, according to Reuters.
Yotta said it detected suspicious activity on one of its servers on May 29 and prevented what appeared to be a ransomware attack. It later received information from Reliance Infrastructure indicating that hackers were claiming to possess stolen data.
Neither India’s Department of Atomic Energy nor the Prime Minister’s Office publicly commented on Reuters’ findings.
The incident comes amid growing concern over cybersecurity across India’s critical infrastructure. According to cybersecurity firm Surfshark, nearly 29 million Indian accounts were compromised last year, while industry surveys suggest many organisations remain unaware they have been targeted or lack basic cyber hygiene practices.