Ransomware group publishes sensitive data from Kudankulam Nuclear Plant contractor Reliance

Approximately 19,000 of the leaked files are described as the most sensitive out of roughly 858,000 Reliance documents linked to Kudankulam.
The leak reportedly includes meeting records, inspection records, equipment reviews, and insurance policies in addition to blueprints and supplier details.
Officials note that reactor designs themselves are not part of the leak; Rosatom-provided reactor designs are not included.
The documents span from 2016 to mid-2025, suggesting a long-running collection of data dating back nearly a decade.
Yotta detected suspicious activity on May 29 related to the Reliance server; the attempted ransomware execution was halted and the government was informed.
A ransomware group called World Leaks has dumped thousands of files tied to India's largest nuclear plant, Kudankulam, on the dark web. The cache includes purported blueprints, supplier details, meeting records, and inspection documents linked to Reliance Group, one of the plant's contractors, according to Reuters.
About 858,000 Reliance documents were exposed in total, with roughly 19,000 flagged as the most sensitive. Officials confirmed a partial breach on a server managed by Yotta, a third-party data center. Authorities were notified, and the attempted ransomware execution was stopped, according to Insurance Journal.
The leaked files span from 2016 to mid-2025 — nearly a decade of records. They include engineering blueprints, equipment reviews, insurance policies, and supplier details, according to Modern Diplomacy. The documents cover facilities at Kudankulam, which sits on India's southern coast in Tamil Nadu.
Crucially, officials say the reactor designs themselves were not exposed. Rosatom, the Russian state nuclear firm that built and designed the reactors, did not have its core blueprints included in the leak. Still, experts warn the exposed contractor data is enough to pose real security risks, according to Whales Book.
Yotta, the third-party data center hosting Reliance's server, spotted suspicious activity on May 29. The company halted the attempted ransomware attack before it could fully execute. The Indian government was informed shortly after, according to Insurance Journal.
Reliance Group has not disclosed exactly what data was compromised. Reuters could not independently verify the authenticity of the leaked files. World Leaks has not made any public comment on the breach, and the full scope of the leak remains under investigation, according to Reuters.
The Kudankulam plant currently runs two reactors. Units 3 and 4 are still being built and are expected to come online by 2027. Together, those two new units will add roughly 2,000 megawatts of power capacity to India's grid, according to Modern Diplomacy.
The ongoing construction means sensitive contractor files — like the ones now exposed — are actively in use. That makes the leak especially timely and potentially damaging, since the plant is still years away from completion.
World Leaks has previously targeted other high-profile organizations. The group's focus on nuclear infrastructure signals a broader and growing threat to India's critical facilities. Experts say even non-reactor data — like supplier lists and inspection records — can help bad actors map out vulnerabilities, according to Whales Book.
India has faced repeated cyberattacks on its energy and infrastructure sectors in recent years. This breach highlights how third-party contractors can become a weak link. A hack does not need to hit the reactor directly to cause serious harm.
Publishers
61
Articles
113
Reach
174