Kudankulam Nuclear Plant Data Leak: 1.2 TB Files Exposed

TECHNOLOGY
Whalesbook Logo
AuthorKavya Nair|Published at:
Kudankulam Nuclear Plant Data Leak: 1.2 TB Files Exposed

A massive data breach involving 1.2 terabytes of files from the Kudankulam Nuclear Power Plant has been confirmed by the Nuclear Power Corporation of India Limited. The leak, originating from a contractor, includes engineering drawings and employee records, raising security concerns for India's critical infrastructure.

The Nuclear Power Corporation of India Limited (NPCIL) is addressing a significant cybersecurity breach involving its Kudankulam Nuclear Power Plant (KKNPP). A massive cache of 1.2 terabytes of data, containing over 850,000 files, was accessed and exposed by a group known as World Leaks. This incident marks a notable challenge for the security of India's largest civil nuclear project, highlighting risks associated with third-party data management.

Origin and Content of the Leaked Data

According to official statements, the breach did not occur within the core nuclear operating systems but originated from a contractor, Reliance Infrastructure Ltd. The exposed data is extensive, with nearly half of the volume, approximately 250 gigabytes, consisting of human resources records and employee information, including sensitive Aadhaar details. Another 35%, or 180 gigabytes, contains engineering design records and technical layouts. The remainder of the cache includes internal emails, procurement documents, tender details, and construction-related correspondence.

Implications for Critical Infrastructure

While NPCIL has clarified that the leaked files pertain to conventional Balance of Plant (BoP) systems and do not affect reactor safety, the incident has drawn attention from cybersecurity experts. The availability of detailed engineering drawings, supply chain records, and internal communications poses a potential risk for reconnaissance and targeted digital threats against critical infrastructure. This event is particularly sensitive given that the facility is a key component of India’s energy production. This is not the first such incident at the site; a prior cyber event was recorded in 2019, which underscores the persistent challenge of securing extended digital supply chains in sensitive sectors.

Investor and Operational Context

For investors and stakeholders, the event highlights the growing operational risks associated with cybersecurity and third-party data management in large-scale infrastructure projects. As NPCIL continues its construction and operational phases at Kudankulam, the ability to protect intellectual property and sensitive contractor data becomes a significant factor in operational stability. Investors may continue to monitor how the company manages the remediation of this breach, including any potential regulatory oversight or changes in its cybersecurity framework for contractors. Future updates regarding official investigations, data protection measures, and any potential liability regarding the contractor's security practices will be the primary areas to track.

Disclaimer: This article is published for informational purposes only. This is not a buy sell recommendation.