A ransomware group operating on the dark web has released a substantial cache of documents tied to the Kudankulam Nuclear Power Plant in Tamil Nadu, marking a significant security incident for India's largest atomic facility and raising concerns about the vulnerability of critical infrastructure across the region. World Leaks, the notorious cybercriminal organisation responsible for the breach, has posted approximately 19,000 highly sensitive files allegedly stolen from Reliance Group, one of the plant's major contractors. The material reportedly includes technical blueprints for portions of the facility, supplier catalogues, meeting records, inspection documentation, and financial details — information that in the wrong hands could potentially compromise operational security at a nuclear installation central to India's energy strategy.

The Kudankulam Nuclear Power Plant stands as India's flagship atomic energy facility and sits at the heart of Prime Minister Narendra Modi's vision to substantially expand the country's nuclear power capacity. Located in the southern state of Tamil Nadu, the plant represents a significant investment in India's effort to meet future energy demands while reducing carbon emissions. Units 3 and 4, currently under construction and expected to commence operations by 2027, will contribute an additional 2,000 megawatts of generating capacity once completed. Reliance Infrastructure, a subsidiary of Anil Ambani's sprawling Reliance Group conglomerate, was contracted in 2018 to design and construct the infrastructure supporting these new units, placing the company in a position of considerable responsibility within the project.

Reliance acknowledged the incident in a statement to international media, disclosing that a server maintained by third-party data centre operator Yotta had experienced what it termed a "partial breach." The company reported the matter to Indian government authorities but refrained from specifying exactly which data had been compromised or the extent of the exposure. Yotta, the Mumbai-based data centre service provider, revealed that suspicious activity was detected on May 29 on servers hosting Reliance Infrastructure's systems. Though the company claimed it had immediately terminated the suspicious activity and prevented ransomware execution, external threat actors subsequently made public claims of a successful data theft, which Yotta said it has been unable independently to verify. The timeline of events suggests a potential gap between when the intrusion occurred and when the breach became public knowledge through World Leaks' dark web posting.

The exposure of such material carries tangible risks to nuclear facility operations, according to nuclear security specialists. Nickolas Roth, a senior director at the Nuclear Threat Initiative, an organisation that advises governments on atomic security matters, characterised the potential fallout as "serious." In the hands of hostile actors, the leaked blueprints and facility maps could enable sophisticated analysis of the plant's auxiliary systems, identify critical suppliers within the operational chain, and expose vulnerabilities in the broader security infrastructure. The documents reveal purported design specifications for ventilation and cooling systems serving Units 3 and 4, as well as what appears to be the complete layout of a centralised control room — information that could theoretically be weaponised to identify structural weaknesses or operational blind spots. Additionally, the disclosed documents appear to reference an insurance arrangement providing $112 million coverage against acts of terrorism targeting either unit, a detail that itself constitutes sensitive information about risk assessment and contingency planning.

The breach underscores a broader pattern of cybersecurity fragility across India's corporate and institutional landscape. India now ranks third globally in the frequency of data breaches, with 28.9 million accounts compromised in the most recent year measured, trailing only the United States and France according to cybersecurity intelligence firm Surfshark. A joint report from the Data Security Council of India and cybersecurity firm Seqrite revealed that among 204 organisations surveyed across the country, approximately 73 percent remained uncertain whether they had ever experienced a cyberattack, while 57 percent acknowledged lacking adequate cyber hygiene practices and protocols. Such widespread gaps in security awareness and defensive infrastructure create conditions in which sophisticated threat actors can operate with relative impunity, as evidenced by the apparent ease with which World Leaks accessed Reliance's systems.

World Leaks has earned notoriety through previous high-profile attacks on multinational corporations and major Indian business houses. The group previously targeted Nike and India's Tata Group, demonstrating a willingness to strike at targets of significant economic and strategic importance. In the case of Tata Group, World Leaks sought $1.5 million in ransom for files containing confidential component designs belonging to major technology clients including Apple and Tesla. When Tata refused to capitulate to the ransom demand, the group published the stolen data on its dark web portal, as is its standard practice. The modus operandi suggests a calculated criminal enterprise rather than opportunistic hackers, with demands calibrated to individual targets and public release serving as both punishment for non-compliance and advertisement of the group's capabilities to potential future victims.

India's state nuclear authority has engaged with Reliance regarding the incident, while the Indian Computer Emergency Response Team, the nation's primary cybersecurity agency, has initiated an investigation. The Nuclear Power Corporation of India, which operates all of the country's civilian atomic facilities, has been in communication with Reliance about response measures and damage assessment. However, senior officials including the Nuclear Power Corporation's chairman, Rajesh Veeraraghavan, declined to provide substantive comment on the breach when approached by international media. The Department of Atomic Energy similarly declined to discuss the matter, and the Prime Minister's office did not respond to inquiries, suggesting either an ongoing sensitivity around the incident or an institutional preference for limiting public discussion of nuclear security vulnerabilities.

The exposed files span a nine-year period from 2016 through mid-2025, and while Reuters was unable to independently verify the authenticity of individual documents, the sheer volume and specificity of the material suggests a comprehensive infiltration of Reliance's project files. The approximately 19,000 files flagged as most sensitive represent a subset of roughly 858,000 total Reliance documents that World Leaks has posted on its portal, indicating that the full scope of the breach extends considerably beyond the nuclear plant context alone. The documents include vendor proposals, supplier approval lists, photographic records of equipment from 2024 inspections, and administrative communications between Reliance and the Nuclear Power Corporation — material that collectively provides a detailed window into operational procedures and project management practices at a critical national infrastructure site.

This incident constitutes the second confirmed cyberattack linked to the Kudankulam facility in recent years. In 2019, malware associated with North Korean hacking groups was discovered on the plant's administrative network. At that time, the Nuclear Power Corporation maintained that the matter had been investigated thoroughly and that core plant systems remained unaffected. The recurring nature of cyber incidents targeting India's nuclear infrastructure raises questions about whether security protocols have been adequately strengthened since the previous intrusion or whether the threat environment has simply evolved in sophistication faster than defensive measures have improved. For Malaysia and other Southeast Asian nations monitoring developments in regional security, the breach illustrates vulnerabilities that extend beyond India's borders, as compromised information about construction techniques, supplier networks, and facility design could be analysed by adversaries seeking to identify similar weaknesses in nuclear infrastructure throughout the region.

The exposure of such sensitive information arrives at a moment when India is actively pursuing expansion of its nuclear energy portfolio as a cornerstone of its development strategy. The timing and nature of the breach may prompt renewed examination of cybersecurity protocols governing contractors and subcontractors involved in critical infrastructure projects across the country. For Malaysian stakeholders, the incident serves as a cautionary example of how supply chain vulnerabilities and third-party service providers can create unexpected exposure at facilities of national importance. As countries throughout Southeast Asia contemplate their own nuclear energy futures or engage in partnerships with regional powers on infrastructure development, the lessons from Kudankulam regarding the intersection of physical security, cybersecurity, and contractor management warrant careful consideration in policy deliberations and procurement frameworks.