The Sheffield Press

Technology

Ransomware gang leaks files tied to India’s Kudankulam nuclear plant

By Sarah Mitchell ·
Ransomware gang leaks files tied to India’s Kudankulam nuclear plant

World Leaks posted a large cache of files on the dark web that it said came from Reliance Group and touched India’s Kudankulam nuclear plant in Tamil Nadu. The material was described as including purported blueprints of parts of the facility and supplier details, a combination that raises questions far beyond one contractor’s data loss because it reaches into the supply chain behind critical infrastructure.

Yotta, the third-party data-centre provider that hosted a server for Reliance Infrastructure, said it detected suspicious activity on May 29, 2026 on that server. Reliance Group said it suffered a partial breach of data on the hosted server and that the government had been informed. The company did not say exactly what was exposed, and the authenticity of the leaked documents could not be independently verified, leaving open the possibility that a cybercriminal group mixed genuine files with misleading material to intensify pressure.

Even so, the sample included material dated from 2016 through mid-2025, suggesting the exposure may have reached deep into long-lived engineering, procurement and vendor records rather than only recent operational data. Later coverage said the trove may have included roughly 19,000 files. If sensitive information about nuclear infrastructure, maintenance work or contractor relationships was included, the leak would point to a broader vulnerability in the network of outside providers and subcontractors that support major atomic projects.

AI-generated illustration
AI-generated illustration

Kudankulam is not a routine industrial site. Nuclear Power Corporation of India Limited says the plant has two operational units and four more approved for the site, with Units 1 and 2 built as 2 x 1000 MWe VVER reactors and Units 3 to 6 approved for construction toward a planned total capacity of 6,000 MW. Public reporting in April 2026 said NPCIL announced a commissioning milestone for Unit 3 on April 25, underscoring that work at the site is active and ongoing.

The project’s long history adds to the stakes. The Kudankulam agreement dates to 1988 between India and the Soviet Union, with later agreements in 1998 and 2008 expanding the project after years of delay tied to equipment delivery problems and local protests, including opposition from fishermen. Built in phases under India’s Department of Atomic Energy and linked to Prime Minister Narendra Modi’s push to expand atomic energy capacity, the plant sits at the center of a national debate over how well India can secure the vendors, data systems and approvals that now surround its nuclear sector.

technologyRansomwareIndia’s Kudankulam