Following news of highly sensitive files of Kudankulam Nuclear Power Project (KKNPP) being accessed by a ransomware group from a contractor’s server, the Nuclear Power Corporation of India Limited (NPCIL) on Wednesday (July 15, 2026) denied concerns of a “sensitive data breach” and clarified that the information claimed to be available in the public domain pertains only to “conventional balance of plant common service facilities”.

    In a statement released late on Wednesday (July 15, 2026), the NPCIL said the engineering procurement and construction contract for the common services – Balance of Plant package — was awarded to Reliance Infrastructure Limited through public tender process.

    The scope of the contract includes engineering, procurement/supply, construction and commissioning of common service facilities, which are of “conventional nature” and are typically found in thermal power plants as well as other process industries. They are not related to nuclear safety or nuclear security systems, said the statement by Prateek Agarwal, Executive Director, Corporate Communications, NPCIL, Mumbai.

    The statement further said: “As part of the public tendering process, the NPCIL provided indicative drawings and technical specifications to the bidders. Based on these inputs and the requirements of the project, Reliance Infrastructure Limited prepared detailed engineering drawings in consultation with respective Original Equipment Manufacturers.”

    The designs proposed by Reliance Infrastructure Limited meeting the technical specifications are accepted by NPCIL after review.

    Earlier in the day, sources in the KKNPP told The Hindu that “absolute commotion” was going on among the top brass of the upcoming nuclear park, “who were completely clueless” about this adverse development which poses serious security threat by allowing the enemies to map the support system and identify the vulnerabilities.

    After commissioning two 1,000 Mwe VVER reactors, the KKNPP is constructing four more similar units with Russian technical know-how at Kudankulam, which is all set to house India’s biggest nuclear park with reactors generating 6,000 MW nuclear power.

    According to a Reuters report, over 19,000 highly sensitive files dating between 2016 and mid-2025 and linked to KKNPP’s engineering blueprints on control, cooling and ventilation systems, list of vendors and suppliers supplying equipments, operational files on meeting records, reviews of joint inspection by the Indian and Russian engineers, insurance policies etc. had been accessed by well-known ransomware group, World Leaks.

    The leak reportedly originated from a server hosted by third party provider, Yotta, belonging to the plant’s contractor Anil Ambani’s Reliance Group, which has admitted that “partial breach” had indeed happened while refusing to detail the nature of the data accessed by the dark web.

    Reliance Group’s Reliance Infrastructure bagged the contract in 2018 to build infrastructure for rectors 3 and 4, both under construction.

    “Suspicious activity on Yotta’s server was noted on May 29 last and it was reported in June-end. Investigations by NPCIL, the project proponent, and Computer Emergency Response Team are on,” the sources in KKNPP said.

    When the KKNPP encountered similar incident in 2019, wherein a North Korean malware infection on its administrative network exposed KKNPP’s vulnerability, the NPCIL just dismissed it saying that their “unbreachable standalone network” was intact and no data could be accessed by any dark web.

    Neither KKNPP’s Site Director Ashok Bhatiya, nor V.P. Sunil, Station Director (1 and 2), could be reached for their comments on this sensitive issue.

    Also read | Russia ships fuel for Kudankulam’s third reactor

    The Senior Manager of Human Resources and Public Relations Kannan, who would usually be in touch with the media for occasional press statements, also did not pick up repeated calls.

    Comment | The right path for India’s nuclear power development 

    Earlier in the day, multiple NPCIL sources also confirmed the leak of data. However, a senior official had said: “The files leaked are not related to KKNPP plant safety or nuclear safety. They are ordinary files which are common to any thermal power plant.”

    Published - July 15, 2026 08:56 pm IST

    Published on 15 July 2026 by thehindu

    Recommended for you