The Nuclear Power Corporation of India Limited (NPCIL) said no nuclear safety or security systems were breached following a massive data leak.
The incident raises concerns about the cybersecurity of critical infrastructure in India, as the Kudankulam Nuclear Power Plant is the country's largest nuclear facility.
On July 15, a hacker group calling itself "World Leaks" claimed to have posted more than 19,000 files [1] related to the plant located in Tamil Nadu. The group said the documents provide a glimpse into the operations of the facility.
NPCIL said the leaked documents relate only to conventional plant facilities and non-nuclear safety systems [1], [2]. Because the files do not involve the core nuclear safety systems, the corporation said there is no nuclear safety breach [1], [2].
Reports regarding the nature of the files vary. Some reports indicate the cache includes blueprints, supplier lists, and insurance records [2]. Other reports suggest the documents were prepared by Reliance Infrastructure Ltd [2].
There are conflicting accounts regarding how the data was accessed. One report said the breach was traced to a server used by Reliance Group [2]. NPCIL said the exposure of these documents does not compromise the actual safety of the nuclear reactors.
The facility continues to operate while authorities assess the extent of the data exposure. NPCIL said the incident did not affect the plant's operational security.
“NPCIL said no nuclear safety or security systems were breached”
This incident highlights a growing vulnerability in the supply chain of critical infrastructure. While the NPCIL maintains that the core nuclear systems remain secure, the alleged leak of blueprints and supplier lists from a third-party contractor's server suggests that secondary vendors may be the weakest link in national security frameworks.



