NEW DELHI — India’s critical infrastructure security is under intense scrutiny following a massive data leak involving the Kudankulam Nuclear Power Plant (KKNPP), the nation’s largest nuclear power facility. While authorities have rushed to reassure the public that core reactor safety systems remain completely isolated and secure, cybersecurity experts warn that the exposure of detailed facility blueprints poses a significant long-term risk.
The incident came to light after the prominent ransomware group, World Leaks, published a massive cache of stolen data on the dark web. This affair underscores the risks associated with a large-scale Data Leak, as the trove comprises approximately 19,000 files totaling 14.3 GB of data, with documents spanning nearly a decade from 2016 to mid-2025.
Third-Party Provider Exploited
According to official statements and corporate filings, the breach did not target the nuclear facility directly. Instead, hackers successfully infiltrated an external server belonging to Reliance Infrastructure Ltd., a major contractor tasked with the construction of Kudankulam’s upcoming expansion units. In this case, the Data Leak originated from a compromised server hosted by Yotta, a prominent third-party Indian data center provider.
In a statement addressing the incident, Reliance Group acknowledged a “partial data breach” on the external server, adding that the Indian Computer Emergency Response Team (CERT-In) was immediately notified.
Core Systems Unaffected, Says NPCIL
The Nuclear Power Corporation of India Limited (NPCIL) issued a clarifying statement to mitigate public concern, emphasizing that the breach has zero impact on operational or nuclear safety networks. Notably, no Data Leak has affected the critical operational systems.
According to NPCIL, the stolen files relate strictly to the facility’s Balance of Plant (BoP) infrastructure. The BoP encompasses conventional utility, support, and auxiliary systems such as ventilation, water piping, and common control room floor layouts which are distinct from critical reactor operations.
Officials reiterated that Kudankulam’s core operational networks utilize an “air-gapped” architecture, meaning they are completely physically isolated from the internet and external corporate networks. Furthermore, the primary reactor designs are managed by Russia’s state-owned atomic energy corporation, Rosatom, and were not a part of the compromised contractor files.
The Target: Units 3 and 4
Independent cybersecurity researchers who reviewed the dark web dump confirmed that the files heavily focus on Units 3 and 4, the multi-billion-dollar expansion projects currently under construction at the Tamil Nadu site. These units are slated to become fully operational by 2027, and experts consider this Data Leak particularly sensitive for national security.
The leaked cache includes:
- Detailed engineering drawings of ventilation and auxiliary cooling systems.
- Architectural floor plans for common auxiliary buildings.
- Vendor proposals, insurance policies, and approved supplier lists.
Experts Warn of Supply Chain Vulnerabilities
Despite official assurances that the reactors are safe, defense and cybersecurity analysts argue that downplaying the leak is dangerous. Independent experts note that while an air-gap protects against immediate remote hijacking, possessing 14 gigabytes of structural blueprints and vendor lists gives adversaries a highly detailed physical and logistical map of the facility. Risks posed by a Data Leak of blueprints and supplier information are far-reaching, making supply chain vulnerabilities more critical.
“Knowing the exact layout of support utilities, piping, and the names of approved suppliers opens the door to sophisticated supply chain attacks or physical sabotage planning,” one corporate security analyst noted. “Critical infrastructure is only as secure as its weakest third-party contractor.”
The incident marks the second major cyber-scare for the Kudankulam facility. In 2019, the plant’s administrative network was infected with Dtrack malware, which was later linked by international intelligence agencies to North Korean state-backed hackers. As in 2019, operational networks were not breached, but concerns about repeated Data Leak episodes persist.
An investigation spearheaded by CERT-In and NPCIL is currently underway to determine the exact security failures that led to the Yotta data center breach and to reassess the cybersecurity protocols required for all third-party contractors handling state infrastructure projects.

