Reliance Group has confirmed that it suffered a “partial data breach” involving a server hosted by a third-party data centre provider, following reports that files allegedly linked to the Kudankulam Nuclear Power Plant in Tamil Nadu had surfaced on the dark web, news agency Reuters reported today. Ransomware group World Leaks claimed to have published thousands of files purportedly related to India’s largest nuclear power project, including alleged engineering documents, supplier details and infrastructure-related records, the report said.

In a statement to Reuters, Reliance Group said there had been “a partial breach” of its data on a server hosted by Yotta, an Indian data centre service provider, and reported the incident to the government. However, the company did not disclose the nature of the compromised data.

Reliance confirms breach, government informed

Quoting Reliance, Reuters reported that the breach was limited to data hosted on a third-party server and confirmed that the matter had been brought to the attention of the authorities. The company did not specify whether any documents relating to the Kudankulam Nuclear Power Plant were among the affected data.

Reuters reported that it reviewed documents uploaded by World Leaks but could not independently verify their authenticity.

Plant infrastructure under construction

The Kudankulam Nuclear Power Plant in Tamil Nadu is India’s largest nuclear power facility and plays a key role in the country’s plans to expand nuclear energy capacity. Reliance Infrastructure secured a contract in 2018 to design and build infrastructure for Units 3 and 4 of the project. The two units, currently under construction, are expected to become operational by 2027 and together add 2,000 MW of electricity generation capacity.

According to Reuters, the files posted online allegedly included engineering drawings, inspection records, vendor information, meeting documents and insurance-related records linked to the project.

Yotta flags suspicious activity

Yotta, which hosts the affected server, said it detected suspicious activity on May 29 involving a server belonging to Reliance Infrastructure. The company said the activity was immediately terminated and suspected ransomware execution was prevented.

According to Reuters, Yotta said Reliance Infrastructure later informed it that external threat actors had claimed responsibility for a data breach. The data centre operator added that it has not independently verified the hackers’ claims but has shared its technical findings with Reliance and is supporting the ongoing investigation.

Authorities examining the incident

Reuters reported that India’s Computer Emergency Response Team (CERT-In) is looking into the incident. The report also said the Nuclear Power Corporation of India Ltd (NPCIL), which operates the country’s nuclear power plants, has been in communication with Reliance regarding the breach.

Officials from NPCIL, CERT-In and the Department of Atomic Energy did not comment on the matter, Reuters reported.

Cybersecurity concerns

This development comes amid concerns over cybersecurity risks targeting critical infrastructure. According to Reuters, cybersecurity researchers cautioned that documents relating to support infrastructure, vendors or project layouts could potentially be exploited by malicious actors if authenticated.

The incident also follows an earlier cybersecurity episode involving the Kudankulam plant in 2019, when malware linked to a North Korean hacking group was detected on an administrative network. At the time, NPCIL said the plant’s operational systems were not affected.