HomeEverythingEducationTV
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

India's Kudankulam Nuclear Plant Data Exposed in Massive Breach

Created at 15 Jul · 6:21 PM1 source↑ Market-relevant
IN SHORT

Approximately 19,000 sensitive files related to India's Kudankulam Nuclear Power Plant (KKNPP) were exposed on the dark web following a data breach at a third-party data center provider. The Nuclear Power Corporation of India and CERT-In are investigating, stating core reactor systems are unaffected.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

19,000sensitive files exposed
2,400 MWKKNPP plant capacity
2027projected operational date for Units 3 and 4
630 GBdata stolen from Tata Electronics
$1.5 millionalleged ransom demand by World Leaks to Tata Electronics

Who's Involved

Kudankulam Nuclear Power Plant (KKNPP)
India's largest nuclear plant, subject of a major data breach
Yotta
Third-party data center provider where the breach occurred
Reliance Infrastructure
Subsidiary of Reliance Group, managed the affected server
World Leaks
Cybercriminal group that published the stolen data
Nuclear Power Corporation of India (NPCIL)
Investigating the data breach
CERT-In
India's central cybersecurity agency investigating the incident
Rosatom
Russia's state-owned company that engineered KKNPP's core systems
Nuclear Threat Initiative (NTI)
Security researchers warning of potential exploitation
Tata Electronics
Indian manufacturer recently targeted by World Leaks
India's Kudankulam Nuclear Plant Data Exposed in Massive Breach

↳ Why This Matters

The breach of sensitive data related to a major nuclear power plant raises significant security concerns, highlighting vulnerabilities in third-party vendor systems and the potential for exploitation by malicious actors, despite assurances that core reactor systems remain secure.

Key facts

  • Approximately 19,000 sensitive files related to the Kudankulam Nuclear Power Plant (KKNPP) were exposed on the dark web.
  • The breach occurred on a server managed by third-party provider Yotta, impacting Reliance Infrastructure.
  • The cybercriminal group World Leaks published the data after ransom demands were ignored.
  • Core nuclear reactor systems are believed to be unaffected, as they are engineered by Russia's Rosatom.
  • Security researchers warn that the exposed data could be used to target the plant's supply chain.
  • This is the second cyber incident linked to the KKNPP, following a 2019 malware infection.

A significant data breach has exposed approximately 19,000 sensitive files pertaining to India's Kudankulam Nuclear Power Plant (KKNPP), with the data appearing on the dark web. The compromised documents primarily relate to Units 3 and 4 of the plant, which are currently under construction and expected to be operational by 2027. The incident originated on a server managed by Yotta, a data center provider, and involved a server belonging to Reliance Infrastructure, a subsidiary of the Reliance Group. The cybercriminal group World Leaks published the cache after their ransom demands were reportedly ignored.

The Nuclear Power Corporation of India (NPCIL) and India's central cybersecurity agency, CERT-In, have launched an investigation. They have indicated that the exposed documents do not appear to affect the plant's core nuclear reactor systems, which were engineered separately by Russia's state-owned Rosatom. However, security researchers from the Nuclear Threat Initiative (NTI) have raised concerns that malicious actors could leverage this information to identify vulnerabilities in the plant's support systems and supply chain.

This marks the second cyber incident associated with the Kudankulam plant; a malware infection occurred on its administrative network in 2019, though operational controls remained isolated. The breach also represents the second attack by World Leaks on an Indian company, following a recent incident involving Tata Electronics, a supplier for Apple and Tesla. In that case, World Leaks published over 630 GB of data, including details on the iPhone 18 Pro supply chain and proprietary Tesla files, reportedly after an ignored ransom demand.

Frequently asked questions

Approximately 19,000 sensitive files related to Units 3 and 4 of the Kudankulam Nuclear Power Plant were exposed on the dark web.

Officials have stated that the documents do not appear to impact the core nuclear reactor systems, which are separately engineered by Russia's Rosatom.

The breach occurred on a server managed by third-party provider Yotta, and the data was published by the cybercriminal group World Leaks.

Yes, the facility experienced a malware infection on its administrative network in 2019.

What Happens Next

01NPCIL and CERT-In will continue their investigation into the data breach.
02Security researchers will monitor for any exploitation of the exposed KKNPP data.
03Further details may emerge regarding the extent of intellectual property exposure from the Tata Electronics breach.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

Approximately 19,000 sensitive files related to the Kudankulam Nuclear Power Plant were exposed on the dark web.
The data breach occurred on a server managed by third-party provider Yotta, affecting Reliance Infrastructure.
Cybercriminal group World Leaks published the data after ransom demands were ignored.
The Nuclear Power Corporation of India and CERT-In are investigating the incident.
Security researchers warned that the data could be exploited to map support systems and identify vendor vulnerabilities.
This is the second cyber incident linked to the Kudankulam plant, following a 2019 malware infection.
World Leaks also recently targeted Tata Electronics, publishing sensitive supply chain data.

Sources

T1
Critical Data For India’s Largest Nuclear Plant Exposed In Massive BreachOilPrice.com

Related Stories

India-China relations hit snag amid Delhi street protests
15 Jul · 6:05 AM
Ukraine drone attack causes total blackout in Kerch, Crimea
15 Jul · 12:11 PM
Ukraine claims drone strikes hit 20 Russian vessels in Black Sea
15 Jul · 8:56 AM
Trump Declares Iran Deal 'Over' Amid Escalating Strait of Hormuz Tensions
15 Jul · 12:11 AM
Indian sailor confirmed dead after attack on ship off Oman coast
15 Jul · 6:00 AM