Reliance Group Confirms Data Breach Linked to Kudankulam Plant

TECHNOLOGY
Whalesbook Logo
AuthorAnanya Iyer|Published at:
Reliance Group Confirms Data Breach Linked to Kudankulam Plant

Reliance Group confirmed a partial data breach involving a third-party server, with files related to the Kudankulam Nuclear Power Plant appearing online. While the reactor systems remain unaffected, the incident raises questions about third-party cybersecurity practices. Government agencies, including CERT-In, are investigating the scope of the exposed data.

Reliance Group has acknowledged a security incident involving a partial data breach on a server managed by Yotta, a third-party data center provider. The breach involves files related to the Kudankulam Nuclear Power Plant, India’s largest nuclear facility. The company has confirmed that it has alerted government authorities regarding the incident.

Nature of the Exposed Data

Reports indicate that a ransomware group known as World Leaks published approximately 19,000 files online. These documents date from 2016 through mid-2025 and reportedly contain information such as supplier details, meeting records, and blueprints for facility components, including cooling and ventilation systems. The primary reactor systems, which were provided by Russia’s Rosatom, do not appear to be part of the compromised data set. However, security experts suggest that exposed infrastructure details can sometimes be analyzed to identify potential vulnerabilities in facility management.

Cybersecurity Risks in Industrial Projects

This incident brings attention to the reliance of large-scale infrastructure projects on third-party digital service providers. When contractors or vendors manage data for sensitive government projects, their cybersecurity standards directly impact the security profile of the entire facility. This is not the first time the Kudankulam facility has faced cyber-related concerns; in 2019, reports emerged regarding malware, though authorities at the time stated that critical operational systems remained secure.

Regulatory and Safety Monitorables

For investors and stakeholders, the primary monitorable is the outcome of the ongoing investigation by the Indian Computer Emergency Response Team (CERT-In). The inquiry will likely focus on whether the breach violated specific data security mandates for critical national infrastructure. While Reliance Group has stated it is cooperating with authorities, the incident highlights the broader operational risk that cyber threats pose to large Indian corporations and government projects.

Beyond the immediate security impact, investors may watch for any potential regulatory fallout or changes in data security protocols for contractors involved in national energy projects. Future updates will depend on the final report from investigators and any subsequent measures taken to bolster security infrastructure around third-party data hosting.

Disclaimer:This article is published for informational purposes only. While reasonable efforts are made to ensure accuracy, completeness, and timeliness, readers are encouraged to independently verify information before making any decisions based on the content. The views and information presented are subject to editorial review and may be updated without notice.