The Nuclear Power Corporation of India Limited (NPCIL) rejected claims that a ransomware group breached data from the Kudankulam Nuclear Power Project [1].

This incident highlights the vulnerability of critical infrastructure to cyberattacks, as the Kudankulam facility in Tamil Nadu is India's largest nuclear power plant [2]. A security failure at such a site could potentially expose sensitive operational data, or compromise national security.

On July 15, 2026, the ransomware group known as World Leaks announced it had obtained and posted confidential files related to the project [1]. The group said that it accessed the information via a server belonging to a contractor [2].

NPCIL addressed the situation on July 15, 2026 [1]. The corporation said there was no evidence of a data breach within its own systems [1].

While the ransomware group has publicized the data, the NPCIL maintains that the integrity of the plant's primary systems remains intact [1]. The discrepancy between the group's claims and the official response centers on whether the accessed contractor server contained sensitive plant data, or non-critical administrative files [2].

NPCIL rejected claims that a ransomware group breached data from the Kudankulam Nuclear Power Project

The tension between the claims of World Leaks and the denials from NPCIL underscores a common gap in cybersecurity: the 'supply chain' vulnerability. Even if a primary facility's core systems are secure, third-party contractors often serve as an entry point for attackers to gather intelligence. The outcome of this incident depends on whether the leaked files contain actionable technical blueprints or merely superficial corporate documentation.