New Delhi: An alleged leak of more than 19,000 sensitive files linked to the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, one of India’s largest nuclear power projects, has raised serious concerns over the cybersecurity of the country’s critical infrastructure. The ransomware group World Leaks has claimed responsibility for publishing the documents on the dark web. According to preliminary information, the leaked files are part of a much larger dataset allegedly stolen from the systems of a contractor associated with the project.
Sources familiar with the matter said the exposed documents form part of a larger collection of nearly 858,000 files that were allegedly obtained from the data servers of a private company involved in the project. The company has confirmed that a third-party data centre hosting its servers experienced a partial cybersecurity breach and that the incident has been reported to the Government of India. However, it has not disclosed the exact nature or scope of the compromised data.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
According to available information, the leaked documents span the period between 2016 and 2025 and reportedly include engineering blueprints for ventilation and cooling systems, common control room floor layouts, equipment inspection reports, supplier and vendor lists, technical proposals, meeting records and insurance-related documents. The authenticity of the leaked material has not been independently verified, and it remains unclear whether all of the files are genuine or current.
Sources indicated that most of the documents relate to Units 3 and 4 of the Kudankulam Nuclear Power Project, which are currently under construction and are expected to become operational in the coming years. Preliminary assessments suggest that the leaked material does not include the reactor core design or highly sensitive reactor control system information. Nevertheless, cybersecurity specialists caution that engineering layouts, infrastructure details and supply chain information could still present significant security risks if exploited by malicious actors.
Following the incident, the Indian Computer Emergency Response Team (CERT-In), the Nuclear Power Corporation of India Limited (NPCIL) and other relevant agencies have initiated a detailed investigation. The inquiry aims to determine how the cyber intrusion occurred, what categories of data were compromised, whether any operational systems were accessed without authorisation and whether the country’s operational nuclear facilities have been affected.
Officials associated with the investigation said the data centre operator detected suspicious activity on one of its servers on May 29 and took immediate steps to contain what was believed to be a ransomware attack. The affected company subsequently informed authorities about claims that project-related data had been leaked. Investigators are now examining server logs, digital forensic evidence, network activity and access records to determine the origin, extent and impact of the alleged breach.
Cybersecurity experts noted that even if the operational reactor control systems remain unaffected, the exposure of technical documentation, facility layouts, equipment information, contractor records and supply chain details could facilitate future targeted cyberattacks or physical security threats. They emphasised that third-party vendors and service providers often represent a critical point of vulnerability in the cybersecurity ecosystem of strategic infrastructure projects.
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh said cyberattacks targeting critical national infrastructure extend far beyond data theft and can pose long-term risks to national security, energy resilience and strategic assets. He stated that organisations operating in sectors such as nuclear energy, defence, transportation and power, along with their contractors, data centres and supply chain partners, must maintain equally robust cybersecurity standards. According to him, continuous digital forensic monitoring, supply chain security audits, Zero Trust architecture, multi-factor authentication and proactive threat intelligence are essential to reducing the risk of similar incidents.
Government agencies have refrained from drawing any final conclusions until the investigation is completed. Officials said only a comprehensive digital forensic examination and technical verification will establish the actual scope of the alleged data leak, identify the specific information affected and determine whether the incident has any implications for India’s national security. The investigation remains ongoing, and further technical and legal action will be taken based on the findings.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
