New Delhi: A huge cache of files related to India’s largest nuclear plant, including purported blueprints of parts of its facilities and supplier details have been posted on the dark web by ransomware group World Leaks.
The files allegedly came from Anil Ambani’s Reliance Group.
Reliance Group, one of the plant’s contractors, told Reuters in a statement that there had been a “partial breach” of its data on a server hosted by third-party Indian data centre service provider Yotta, and the government has been informed about the incident.
The files are related to the Tamil Nadu-based Kudankulam Nuclear Power Plant, which is the largest of India’s seven nuclear plants. Reliance did not disclose what data had been breached.
Nickolas Roth, a senior director at the Nuclear Threat Initiative (NTI), said that the data breach could pose a “serious” risk to the safety of the plant. The NTI advises governments and benchmarks countries’ preparedness on nuclear security. The breach also underscores how hacks have become more common in India, where many companies are ill-equipped to deal with such threats.
Reuters reviewed the documents, which were dated from 2016 to mid-2025, but could not verify their authenticity. In addition to some blueprints and supplier details, they purportedly show meeting and inspection records, equipment reviews and insurance policies, as reported by India Today.
Of a total of 858,000 Reliance files on the World Leaks website, the 19,000 files appeared to be the most sensitive.
One of the Reliance Group’s subsidiaries, Reliance Infrastructure, won a contract in 2018 to design and build infrastructure for units 3 and 4 of the nuclear power plant. Both units, still under construction, are due to be operational by 2027 and are slated to generate a combined 2,000 megawatts of electricity.
World Leaks, a notorious ransomware group that previously targeted Nike and India’s Tata Group, did not respond to Reuters queries on the Reliance data breach.
It typically posts stolen corporate data on its website after companies decline to pay the ransom demanded. Its website can only be accessed with a specialised browser.
World Leaks had told Reuters in June that it had sought $1.5 million in ransom for Tata Group files that contained confidential component designs of clients Apple and Tesla, adding that it posted the data after Tata “ignored” its demand.
While the Nuclear Power Corporation of India (NPCI), which commissions and operates the country’s nuclear power plants, has been communicating with Reliance about the breach, India’s main cybersecurity agency — the Indian Computer Emergency Response Team (CERT-In) — is looking into the incident, according to a source familiar with the matter.
NPCI chairman Rajesh Veeraraghavan, CERT-In and the government’s main press office did not respond to repeated requests for comment.
In a statement, Yotta said it had noted suspicious activity on May 29 on a server it hosts that belongs to Reliance Infrastructure. It said the activity was immediately terminated and that the suspected ransomware execution was prevented, but Reliance Infrastructure informed it at the end of June that there had been claims of a data breach made by “external threat actors.”
It has not been able to verify the claims of the “threat actor”, but added that it has shared its detailed technical investigation with Reliance Infrastructure and supports an ongoing investigation, Yotta said.
While India’s Department of Atomic Energy declined to comment, the Prime Minister’s Office did not respond to Reuters queries.
Though the documents posted on World Leaks do not appear to relate to the nuclear reactors’ core systems, which are supplied by Russia’s state-owned Rosatom, they did contain purported blueprints for the ventilation and cooling systems used in Unit 3 and Unit 4, as well as what appeared to be the complete floor layout of a “common control room”.
The files also included what appeared to be vendor proposals, a list of approved suppliers, and a record of a 2024 meeting about a joint inspection by the NPCI and Reliance, with photos of equipment.
Reliance Infrastructure and the NPCI apparently took out an insurance policy that would entitle them to $112 million if either Unit 3 or Unit 4 were to suffer an act of terrorism, another document reveals.
In theory, the files, in the hands of bad actors, could be exploited to map the plant’s support systems, identify its suppliers and pinpoint weaknesses in its security chain, researchers said.
According to Roth, they could “show an adversary not just who has access to the project but which systems that access reaches”.
Cybersecurity company Surfshark claims that India ranks third among a list of countries suffering the most data breaches, with 28.9 million accounts compromised last year. The country lags only the US and France.
Data Security Council of India and cybersecurity firm Seqrite said in a report last year that of 204 organisations surveyed across India, some 73% were “unaware if they have ever been attacked” while 57% lack cyber hygiene practices.
This is the second time that the Kudankulam plant has been linked to a cyber incident, with malware tied to a North Korean hacker group found on the plant’s administrative network in 2019. The NPCI had said at that time that the matter was investigated immediately and plant systems were not affected.













