India's Nuclear Power Corporation (NPCIL) affirmed that the core safety systems of the Kudankulam plant were untouched despite a ransomware‑linked data breach. The leaked files pertain only to conventional balance‑of‑plant services, not to nuclear safety or security mechanisms.

Key Takeaways (मुख्य बिंदु)

  • Data breach confirmed at Kudankulam, core systems remain intact
  • Ransomware group World Leaks posted files on the dark web
  • Leaked data relates only to conventional balance‑of‑plant services

The Nuclear Power Corporation of India Ltd (NPCIL) clarified on Wednesday that a recent cyber‑security incident did not compromise the plant’s core safety and security systems. The statement came after the notorious ransomware collective World Leaks posted a large cache of files tied to the Kudankulam nuclear plant on the dark web, prompting allegations of a data breach.

Background and Strategic Importance

Located in Tamil Nadu, Kudankulam is India’s largest nuclear power complex, with a total capacity of 6,000 MW. Developed jointly by NPCIL and Russia’s Rosatom, two units are already operational while Units 3‑6 are at various stages of construction and commissioning. Given its scale, the plant has always been subject to stringent safety, reliability, and cyber‑defence standards.

Nature of the Ransomware Leak

World Leaks released documents that NPCIL’s Executive Director of CP&CC, Prateek Agrawal, emphasized are “not related to nuclear safety or nuclear security systems.” The exposed files mainly consist of tender documents, technical specifications and engineering drawings for common balance‑of‑plant (BoP) services—similar to those used in thermal power stations. These are administrative and engineering data, not the proprietary control‑system software that governs reactor operations.

Reliance Infra and Yotta Data Services Involvement

Reliance Group’s infrastructure arm, Reliance Infra, was tasked in 2018 with designing and building civil infrastructure for Units 3 and 4. The breach occurred on a server owned by Yotta Data Services Private Limited (Yotta), a third‑party data‑centre provider for Reliance. Yotta reported that a suspicious process was detected and terminated immediately, no ransomware execution or data loss was recorded, and services were restored promptly.

Regulatory Response and Future Safeguards

The incident has been reported to India’s Computer Emergency Response Team (CERT‑In) and disclosed to stock exchanges under SEBI Regulation 30. NPCIL has instructed Yotta to conduct a detailed forensic investigation and implement “enhanced security monitoring and preventive controls.” Cyber‑security experts caution that while the core systems remained safe, the exposure of conventional BoP data can provide adversaries with valuable insight into plant architecture, underscoring the need for tighter controls over public tender information.