The Nuclear Power Corporation of India Ltd (NPCIL) has addressed concerns about a recent data breach involving the Kudankulam Nuclear Power Project (KKNPP). On July 16, 2026, NPCIL stated that the leaked information pertains solely to conventional facilities and does not impact nuclear safety or security systems at the plant.
The breach reportedly involved thousands of files linked to Kudankulam Units 3 and 4, which were posted online by a ransomware group called World Leaks. These files allegedly include engineering drawings, supplier details, inspection records, and insurance documents. However, NPCIL emphasized that none of the compromised data involves nuclear safety or security-related information.
Understanding the Kudankulam Data Breach
Kudankulam Nuclear Power Project is one of India’s largest nuclear power plants, located in Tamil Nadu. Units 3 and 4 are under construction and involve multiple contractors. The recent cyber breach originated from Reliance Infrastructure, which holds the engineering, procurement, and construction (EPC) contract for the Common Services-Balance of Plant (BOP) package at these units.
The BOP package includes conventional facilities such as ventilation, cooling systems, and other infrastructure commonly found in thermal power plants and industrial settings. These systems support the plant’s operations but are separate from the nuclear reactor’s safety and security mechanisms.
Key Facts About the Data Leak
- Nearly 19,000 files were uploaded by the ransomware group World Leaks, allegedly connected to Kudankulam Units 3 and 4.
- The leaked files reportedly contain blueprints of ventilation and cooling systems, supplier information, inspection records, and insurance documents.
- Reliance Infrastructure’s contract for the BOP package was awarded in 2018 through a public tender process.
- NPCIL provided indicative drawings and technical specifications to bidders during the tender, which Reliance Infrastructure used to prepare detailed engineering drawings.
- All engineering documents were reviewed and approved by NPCIL to ensure compliance with technical standards.
- Reliance Infrastructure confirmed a "partial breach" of its data hosted on a third-party data center operated by Yotta, which detected suspicious activity in May and terminated the compromised server.
Why NPCIL’s Statement Matters for Public Safety
NPCIL’s clarification aims to reassure the public and stakeholders that the leaked data does not compromise the nuclear plant’s safety or security. The distinction between conventional Balance of Plant systems and nuclear safety systems is crucial because the latter are subject to stringent regulatory controls and are designed to prevent any risk of nuclear accidents.
By confirming that the breach involves only conventional infrastructure, NPCIL indicates that the core nuclear operations remain secure. This helps maintain confidence in the safety of the Kudankulam plant, which is vital given the sensitive nature of nuclear energy projects and public concerns about cybersecurity threats.
Additionally, the incident highlights the growing challenge of protecting critical infrastructure from cyberattacks, especially when multiple contractors and third-party service providers are involved. It underscores the importance of robust cybersecurity measures across all levels of infrastructure management.
Frequently Asked Questions
Q: What kind of data was leaked in the Kudankulam breach?
A: The leaked data includes engineering drawings of ventilation and cooling systems, supplier information, inspection records, and insurance documents related to conventional facilities at Kudankulam Units 3 and 4.
Q: Does the data leak affect nuclear safety at Kudankulam?
A: No. NPCIL has confirmed that the leaked information does not involve nuclear safety or security systems and therefore does not impact the plant’s nuclear safety.
Q: How did the data breach occur?
A: The breach happened through a cyberattack on Reliance Infrastructure’s server hosted by a third-party data center, Yotta. Suspicious activity was detected in May, and the compromised server was shut down promptly.
