A ransomware group known as World Leaks has published a large collection of files linked to India’s biggest nuclear facility on the dark web. The material includes what appear to be design drawings for sections of the site along with supplier information, which the group claims originated from Anil Ambani’s Reliance Group.
The Kudankulam Nuclear Power Plant in Tamil Nadu is the country’s largest among seven operating facilities and plays a key role in government efforts to increase atomic power generation.
Reliance Group stated that a partial breach occurred on a server managed by the third-party provider Yotta. Officials were notified, though the company did not specify which records were affected.
Experts warn the incident could create serious safety concerns for the plant. It also highlights growing cybersecurity challenges for Indian firms that often lack adequate protections.
Reuters examined the files, dated between 2016 and mid-2025, but could not confirm their accuracy. Besides blueprints and supplier lists, the documents reportedly contain meeting notes, inspection reports, equipment assessments and insurance records.
The 19,000 files represent the most sensitive portion of 858,000 Reliance documents hosted on the group’s site.
A Reliance subsidiary secured a contract in 2018 to construct infrastructure for Units 3 and 4, which remain under construction and are scheduled to add 2,000 megawatts by 2027.
The ransomware group, previously linked to attacks on other major corporations, did not reply to inquiries. It usually releases stolen data when ransom demands are refused.
Nuclear Power Corporation of India has been in contact with Reliance, and the national cybersecurity agency CERT-In is examining the case. The Department of Atomic Energy and the prime minister’s office declined to comment.
Yotta reported detecting unusual activity on May 29 on a server used by Reliance Infrastructure. Access was blocked immediately, though the company learned of breach claims at the end of June.
The posted files do not involve reactor cores supplied by Russia. They do include drawings for ventilation and cooling systems in Units 3 and 4, plus the layout of a shared control room, vendor proposals, approved supplier lists and records of joint inspections.
One document indicates an insurance policy covering up to $112 million in the event of terrorism affecting either unit.
Researchers note that such material could help identify support systems, suppliers and potential security gaps if obtained by malicious actors.


