
3 min readNew DelhiUpdated: Jul 16, 2026 02:04 AM IST
The Kudankulam Nuclear Power Plant, located in the southern state of Tamil Nadu, is the largest of India's seven nuclear plants (Express Archive)
Following reports of a data breach at the Kudankulam Nuclear Power Plant, the Nuclear Power Corporation of India Limited (NPCIL) said on Wednesday that the leaked information does not pertain to any nuclear safety or security systems.
In a statement, NPCIL said the compromised data relates only to the plant’s conventional Balance of Plant (BoP) common service facilities, for which Reliance Infrastructure Ltd was awarded a contract in 2018.
Located in Tirunelveli district of Tamil Nadu, Kudankulam Nuclear Power Plant consists of six units of Pressurised Water Reactors of VVER design, which were established in technical collaboration with Russia. The first two units (KKNPP Units-1 & 2) are already in operation, while Units 3 and 4 are still under construction and are due to be operational by 2027. The remaining two units are at different stages of progress.
The present data breach is related to Units 3 and 4.
NPCIL said the Engineering, Procurement and Construction (EPC) contract for BoP common services package was awarded to Reliance Infrastructure Ltd in 2018 through a public tender process. The scope of the contract included engineering, procurement/supply, construction and commissioning of common service facilities.
“These facilities are of conventional nature and are typically found in thermal power plants as well as other process industries. They are not related to nuclear safety or nuclear security systems,” NPCIL said.
NPCIL said it provided indicative drawings and technical specifications to the bidders as part of the public tendering process. “Based on these inputs and the requirements of the project, the EPC contractor, M/s Reliance Infrastructure Ltd, prepared detailed engineering drawings in consultation with the respective Original Equipment Manufacturers (OEMs). The designs proposed by Reliance Infra Ltd, meeting the technical specifications, are accepted by NPCIL after review,” it said.
Story continues below this ad
On Wednesday, Reuters reported that ransomware group World Leaks had published a large cache of files purportedly linked to the Kudankulam Nuclear Power Plant on the dark web. The leaked archive, reportedly online since June 11, contains nearly 19,000 files totalling about 14.3 gigabytes, it said.
The report said that the documents span the period from 2016 to mid-2025, and include blueprints, supplier information, meeting and inspection records, equipment reviews and insurance policies.
The Anil Ambani-led Reliance Group, whose subsidiary Reliance Infrastructure Ltd was awarded the EPC contract in 2018, told Reuters in a statement that there had been a “partial breach” of its data on a server hosted by third-party Indian data centre service provider Yotta, and the government had been informed about the incident.
The report also quoted Yotta’s statement that it had noted suspicious activity on May 29 on a server it hosts that belongs to Reliance Infrastructure. It said the activity was immediately terminated and the suspected ransomware execution was prevented, but Reliance Infrastructure informed it at the end of June that there had been claims of a data breach made by “external threat actors”, according to the report.
View original source — Indian Express ↗
