Dark web leak raises security fears over India’s biggest nuclear plant

Experts warn leaked files could aid hostile actors; reactor systems not affected

Last updated:
Stephen N R, Senior Associate Editor
The leaked files are said to relate to the Kudankulam Nuclear Power Plant in Tamil Nadu, India’s biggest nuclear power station, where two additional reactors are under construction.
The leaked files are said to relate to the Kudankulam Nuclear Power Plant in Tamil Nadu, India’s biggest nuclear power station, where two additional reactors are under construction.

Dubai: Thousands of documents allegedly linked to India’s largest nuclear power project have been published on the dark web, prompting cybersecurity concerns and an official investigation into what experts say could pose a significant security risk.

The leaked files are said to relate to the Kudankulam Nuclear Power Plant in Tamil Nadu, India’s biggest nuclear power station, where two additional reactors are under construction.

According to a Reuters investigation, ransomware group World Leaks claims to have released more than 19,000 files from a much larger cache of about 858,000 documents allegedly stolen from the Reliance Group, one of the project’s contractors.

What’s in the leaked files?

  • According to Reuters, the documents reportedly include:

  • Ventilation and cooling system drawings

  • Control room floor plans

  • Equipment inspection reports

  • Supplier and vendor lists

  • Insurance documents

  • Internal meeting records

  • Not reportedly leaked:

  • Reactor core designs

  • Critical nuclear technology supplied by Rosatom

Reliance Group confirmed to Reuters that a partial data breach had occurred on a server hosted by third-party data centre provider Yotta and said the government had been informed. However, the company did not disclose what information had been compromised.

What was leaked?

Reuters said it reviewed the leaked documents, although it could not independently verify their authenticity.

The files reportedly include engineering drawings for ventilation and cooling systems, floor plans of a common control room, equipment inspection reports, supplier lists, vendor proposals, insurance documents and internal meeting records.

Most of the material relates to Units 3 and 4 of the Kudankulam project, which are under construction and are expected to begin operations by 2027.

The leaked documents do not appear to contain designs for the nuclear reactor core or other critical reactor technologies supplied by Russia’s state-owned Rosatom.

Experts warn of security risks

Cybersecurity and nuclear security experts nevertheless warned that the exposed information could still prove valuable to hostile actors.

Nickolas Roth, Senior Director at the Nuclear Threat Initiative, told Reuters the breach could pose a “serious” risk because the documents may reveal who has access to sensitive systems and how supporting infrastructure is organised.

Even if reactor operations remain secure, experts say attackers could exploit vulnerabilities in associated infrastructure, contractors or supply chains.

Probe underway

India’s Computer Emergency Response Team (CERT-In) and the Nuclear Power Corporation of India are investigating the incident, according to Reuters.

Yotta said it detected suspicious activity on one of its servers on May 29 and prevented what appeared to be a ransomware attack. It later received information from Reliance Infrastructure indicating that hackers were claiming to possess stolen data.

Neither India’s Department of Atomic Energy nor the Prime Minister’s Office publicly commented on Reuters’ findings.

The incident comes amid growing concern over cybersecurity across India’s critical infrastructure. According to cybersecurity firm Surfshark, nearly 29 million Indian accounts were compromised last year, while industry surveys suggest many organisations remain unaware they have been targeted or lack basic cyber hygiene practices.

Stephen N R
Stephen N RSenior Associate Editor
A Senior Associate Editor with more than 30 years in the media, Stephen N.R. curates, edits and publishes impactful stories for Gulf News — both in print and online — focusing on Middle East politics, student issues and explainers on global topics. Stephen has spent most of his career in journalism, working behind the scenes — shaping headlines, editing copy and putting together newspaper pages with precision. For the past many years, he has brought that same dedication to the Gulf News digital team, where he curates stories, crafts explainers and helps keep both the web and print editions sharp and engaging.
Related Topics:

Get Updates on Topics You Choose

By signing up, you agree to our Privacy Policy and Terms of Use.
Up Next