PTV Network
South Asia2 HOURS AGO

India's Kudankulam data breach sparks questions over Delhi's cybersecurity

India's Kudankulam data breach sparks questions over Delhi's cybersecurity

A view of the building housing Kudankulam Nuclear Power Plant (KNPP) in Tamil Nadu state, India (Photo courtesy Wikimedia Commons)

ISLAMABAD: Sensitive documents linked to India’s largest nuclear power facility, the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, have reportedly been exposed in a major data breach, raising questions over the cybersecurity of critical infrastructure.

According to the Indian newspaper The Hindu, thousands of files relating to the project surfaced on the dark web after a ransomware group allegedly published data linked to one of the plant’s contractors. 

It reported that the leaked cache includes engineering drawings, supplier information, inspection records, meeting minutes, equipment reviews and insurance documents associated with Units 3 and 4 of the nuclear project.

The Hindu further reported that the disclosure triggered “absolute commotion” among the project’s senior management, with top officials assessing the extent of the exposure and coordinating with cybersecurity agencies. 

Sources quoted by the newspaper stated that authorities were examining whether any sensitive operational information had been compromised.

According to NDTV, the Nuclear Power Corporation of India Ltd. (NPCIL) said the leaked material does not involve the reactors’ core control systems and insisted that plant operations remain safe and unaffected. 

NPCIL officials added that the exposed files are believed to relate to infrastructure work being carried out by a private contractor rather than the nuclear reactors themselves.

Other media outlets reported that nearly 19,000 files, amounting to about 14.3 gigabytes, were allegedly published by the ransomware group “World Leaks.” 

The documents reportedly date from 2016 to mid-2025 and include layouts of ventilation and cooling systems, supplier lists, and records of inspections, Indian media quoting Reuters.

The incident has prompted an investigation involving India’s Computer Emergency Response Team (CERT-In). 

The breach also revives memories of the 2019 malware incident involving Kudankulam, when NPCIL maintained that only the plant’s administrative network had been affected while critical operational systems remained isolated and secure.