Kudankulam Nuclear Plant Data Breach: Reliance Confirms Incident

TECHNOLOGY
Whalesbook Logo
AuthorAnanya Iyer|Published at:
Kudankulam Nuclear Plant Data Breach: Reliance Confirms Incident

Files linked to the Kudankulam Nuclear Power Plant were posted on the dark web following a breach at a third-party server hosted by Reliance Group. The incident involves supplier details and infrastructure documents, triggering an investigation by CERT-In. Investors may monitor how this affects contractor security protocols and regulatory oversight for critical infrastructure projects.

A security breach involving documents linked to the Kudankulam Nuclear Power Plant has surfaced, with a group identified as World Leaks reportedly posting internal files on the dark web. The data, which emerged in June 2026, includes vendor proposals, floor layouts, and technical details regarding ventilation and cooling systems for the plant's Units 3 and 4. While the documents do not appear to involve the core reactor systems supplied by Russia's Rosatom, the incident has prompted a formal investigation by the Nuclear Power Corporation of India (NPCIL) and the Indian Computer Emergency Response Team (CERT-In).

Contractor Confirms Server Breach

Reliance Group confirmed a partial breach of a server it managed, which was hosted by data center provider Yotta. The company noted that the breach involved a third-party server and stated it has notified government authorities to address the security lapse. Yotta reported that it detected suspicious activity on a server hosted by Reliance Infrastructure on May 29 and subsequently terminated the access. The provider is currently cooperating with the investigation and has shared technical logs with the affected parties to assist in identifying the extent of the exposure.

Impact on Infrastructure and Cybersecurity

The leaked cache reportedly totals 14.3 gigabytes of data and includes meeting minutes, inspection records, and equipment reviews dating from 2016 to mid-2025. Cybersecurity analysts suggest that while the information does not directly control the reactors, the exposure of support system layouts and supplier details could create secondary risks by identifying potential vulnerabilities in the facility's perimeter or supply chain logistics. The documents also referenced a $112 million insurance policy covering potential acts of terrorism for specific units, highlighting the significant financial and security sensitivity of the project.

Wider Implications for Critical Assets

This incident has drawn attention to the vulnerability of critical infrastructure in India, as data breaches remain a persistent challenge for major organizations. For investors, the event underscores the importance of cybersecurity spending and data governance among large contractors managing critical national projects. The ability of companies to safeguard technical data and maintain high standards of cyber hygiene is becoming a critical component of operational risk management. Future updates will likely center on the findings of the CERT-In investigation, potential regulatory actions regarding data handling protocols, and whether this incident necessitates further investment in cybersecurity infrastructure by contractors involved in sensitive energy and defense projects.

Disclaimer:This article is published for informational purposes only. While reasonable efforts are made to ensure accuracy, completeness, and timeliness, readers are encouraged to independently verify information before making any decisions based on the content. The views and information presented are subject to editorial review and may be updated without notice.