The Nuclear Power Corporation of India Limited has sought to downplay concerns over a reported data breach at the Kudankulam Nuclear Power Plant, India’s largest reactor complex, NDTV reported.

A senior atomic scientist emphasised that the incident has no bearing on nuclear safety or security, stressing that the compromised files relate only to common service balance of plant systems.

NPCIL’s acting Chairman and Managing Director Rajesh V told NDTV that the leaked material has no connection with nuclear safety. He underlined that the government-owned corporation remains the sole authority responsible for constructing and operating commercial nuclear power plants in India, and that reactor operations remain unaffected.

The breach was attributed to World Leaks, a ransomware group notorious for posting stolen corporate data online when ransom demands are not met. Reuters reported that the group had uploaded files linked to Kudankulam on the dark web, including purported blueprints of plant facilities and supplier details. The authenticity of these documents has not been independently verified.

Kudankulam, located in Tamil Nadu, is India’s largest nuclear installation with a designated total capacity of 6,000 MW. The site is a cornerstone of India’s nuclear power program, developed in collaboration with Russia’s ROSATOM, which supplied the reactor core systems. The leaked documents reportedly do not pertain to these critical reactor systems.

One of the plant’s contractors admitted that there had been a partial breach of server data hosted by a third-party data centre in India. However, the contractor did not specify the nature of the compromised data. The leaked files allegedly include blueprints, supplier details, inspection records, and equipment reviews, though none appear to be linked to the reactor’s core safety systems.

Nikolas Roth, a senior director at the Nuclear Threat Initiative, warned that the breach could pose a serious risk to the plant’s safety. His assessment contrasts with NPCIL’s reassurance, highlighting the broader concern that cyber intrusions into nuclear facilities, even if peripheral, can undermine confidence in nuclear security.

World Leaks operates a website accessible only through specialised browsers, where it publishes stolen data from companies that refuse to pay ransom. Its activities have targeted multiple sectors globally, raising alarms about the vulnerability of critical infrastructure to cyberattacks.

This incident marks the second reported cyberattack at Kudankulam. In 2019, NPCIL confirmed that malware had been detected in one of its computers, though it stressed that plant systems were not affected.

The recurrence of cyber incidents underscores the growing challenge of protecting nuclear facilities against digital threats.

The latest breach highlights the importance of strengthening cybersecurity measures across India’s nuclear program. While NPCIL has sought to reassure the public, experts argue that even non-core system breaches can expose sensitive operational details, potentially aiding malicious actors.

The episode reinforces the need for robust cyber defences, transparent communication, and international cooperation to safeguard nuclear infrastructure.

Agencies