A ransomware group accessed over 19,000 sensitive files linked to the Kudankulam Nuclear Power Project (KKNPP), triggering a security alert among its top officials, sources confirmed on July 15, 2026.

The breach originated from a server hosted by Yotta, a third-party provider for contractor Reliance Group, which admitted to a "partial breach" but declined to specify the nature of the exposed data. The files, dating from 2016 to mid-2025, include engineering blueprints, vendor lists, operational records, and joint inspection reviews by Indian and Russian engineers.

Scope of the Kudankulam nuclear plant data breach

The leaked documents pertain to control, cooling, and ventilation systems, as well as administrative files like insurance policies. The incident poses a potential security risk by exposing vulnerabilities in the plant’s support systems.

Investigations by the Nuclear Power Corporation of India Limited (NPCIL) and the Computer Emergency Response Team are underway. Suspicious activity on Yotta’s server was first detected on May 29, 2026, and reported in late June.

Official response and past incidents

NPCIL sources confirmed the leak but downplayed its severity, stating the files were "ordinary" and unrelated to nuclear safety. In 2019, a similar incident involving North Korean malware was dismissed by NPCIL, which claimed its standalone network remained unbreachable.

KKNPP officials, including Site Director Ashok Bhatiya and Station Director V.P. Sunil, have not responded to requests for comment. The plant, India’s largest nuclear park, is expanding with four additional 1,000 MWe VVER reactors under construction with Russian technical support.