Kudankulam Nuclear Power Plant Data Breach
Overview
The Nuclear Power Corporation of India Limited (NPCIL) reported a data breach at the Kudankulam Nuclear Power Plant but clarified that the breach does not involve nuclear safety or security systems.
Details of the Breach
- The leaked data pertains to the plant’s conventional Balance of Plant (BoP) common service facilities.
- Reliance Infrastructure Ltd was awarded the BoP contract in 2018.
- The breach involves Units 3 and 4, which are under construction.
Technical and Contractual Information
- The BoP facilities are common in thermal power plants and not part of nuclear safety systems.
- The Engineering, Procurement, and Construction (EPC) contract was publicly tendered and awarded to Reliance Infrastructure Ltd.
- NPCIL provided indicative drawings and technical specifications for the project.
- Reliance Infrastructure Ltd prepared detailed engineering drawings in consultation with Original Equipment Manufacturers (OEMs).
Extent of the Breach
- Ransomware group World Leaks published around 19,000 files, totaling 14.3 gigabytes, on the dark web.
- The documents range from 2016 to mid-2025, including blueprints, supplier information, and inspection records.
Response and Investigation
- Reliance Group acknowledged a “partial breach” of data on a server hosted by Yotta, a third-party data center provider.
- Suspicious activity was detected and terminated on May 29, preventing ransomware execution.
- The government has been informed of the incident.