Skip to content
Data breachUnknown

World Leaks publishes Kudankulam nuclear plant files from a Reliance Group data breach

The extortion group World Leaks leaked roughly 19,000 files tied to India's Kudankulam nuclear plant, taken from what Reliance Group called a partial breach of its data at a third-party data centre.

Victim
Reliance Group

On or around 15 July 2026, Indian media reported that the data-extortion group World Leaks had published a large cache of files relating to India's Kudankulam Nuclear Power Plant (KKNP) โ€” the country's largest nuclear generating station, in Tamil Nadu โ€” on its dark-web leak site. The roughly 19,000 files, totalling about 14.3 GB, had reportedly been online since 11 June 2026 and formed part of a far larger trove โ€” some 858,000 files โ€” that the group attributed to Reliance Group. Reliance Group acknowledged a "partial breach" of its data and said the Indian government had been informed.

The exposed documents did not come from the plant operator's own network but from a Reliance server hosted at a third-party data centre run by Yotta. According to Yotta, it detected and terminated suspicious activity on 29 May 2026 on a server it hosts for Reliance Infrastructure, saying it prevented a suspected ransomware execution; Reliance Infrastructure later informed Yotta, at the end of June, that external threat actors had claimed a data breach. The episode underscored how a contractor's exposure at a shared hosting provider can put sensitive material about critical national infrastructure into criminal hands.

What was in the leak

Reviews of the KKNP-tagged files described purported blueprints for ventilation and cooling systems used in the plant's Units 3 and 4, as well as what appeared to be the complete floor layout of a "common control room." The cache also reportedly contained vendor proposals, a list of approved suppliers, and a record of a 2024 meeting on a joint inspection by the Nuclear Power Corporation of India (NPCIL) and Reliance, complete with photographs of equipment. The files appeared to be engineering, procurement and project-management records tied to Reliance's contractor role rather than operational reactor data.

Official response and reactor safety

The Nuclear Power Corporation of India (NPCIL), which operates the country's nuclear plants, said the breach did not reveal any sensitive information related to nuclear security, and reporting noted that the leaked documents did not appear to relate to the reactors' core systems, which are supplied by Russia's state-owned Rosatom. India's national computer-emergency team, CERT-In, opened an investigation, and NPCIL said it was in communication with Reliance. Because the intrusion was attributed to a third-party hosting environment, the leaked material was already public, and the full scope of what was taken had not been independently established at the time of reporting, the incident's status remained unknown.

Timeline

  1. Data-centre provider Yotta says it detected and terminated suspicious activity on a server it hosts for Reliance Infrastructure, adding that a suspected ransomware execution was prevented.

  2. Roughly 19,000 files tagged 'KKNP' (Kudankulam Nuclear Power Plant), totalling about 14.3 GB, appear on the World Leaks dark-web leak site.

  3. Reliance Infrastructure informs Yotta that external threat actors have claimed a data breach.

  4. Indian media report the leak widely; Reliance Group acknowledges a 'partial breach' and says the government has been informed, while NPCIL says no sensitive nuclear-security information was exposed and CERT-In investigates.

Sources

  1. aljazeera.comhttps://www.aljazeera.com/news/2026/7/16/data-breach-reportedly-targets-indias-kudankulam-nuclear-power-plant
  2. business-standard.comhttps://www.business-standard.com/technology/tech-news/files-relating-to-kudankulam-nuclear-power-plant-exposed-in-data-breach-126071500819_1.html
  3. theweek.inhttps://www.theweek.in/news/india/2026/07/15/india-s-nuclear-files-leaked-on-dark-web-858000-files-from-kudankulam-plant-out-reliance-group-admits-partial-breach.html
  4. thenewsminute.comhttps://www.thenewsminute.com/tamil-nadu/npcil-cyber-attack-explained-what-was-leaked-in-the-kudankulam-data-breach
  5. outlookindia.comhttps://www.outlookindia.com/national/ransomware-group-reportedly-leaks-kudankulam-nuclear-plant-blueprints
  6. freepressjournal.inhttps://www.freepressjournal.in/india/kudankulam-nuclear-power-plant-files-leaked-reliance-confirms-partial-data-breach-probe-underway

Related incidents

Data breachOngoing

Leak at ENI

In December 2025, the French operations of Italian energy group ENI suffered a data breach claimed by the Lapsus$ group, exposing professional contact details for tens of thousands of business customers; ENI confirmed the incident and notified the CNIL.

Victim
ENI