A senior official from India's nuclear sector has clarified that the recent data leak linked to the Kudankulam Nuclear Power Plant did not compromise the facility's nuclear safety or security systems, seeking to ease concerns over the incident.
Rajesh V, Acting Chairman and Managing Director of the Nuclear Power Corporation of India Limited (NPCIL), told NDTV the exposed information was related only to common service and balance-of-plant systems, which operate independently of the plant's critical nuclear infrastructure.
NPCIL, a government-owned enterprise, is responsible for building and operating all commercial nuclear power plants across India.
The clarification came after reports that ransomware group World Leaks had published files allegedly associated with the Kudankulam Nuclear Power Plant on the dark web. According to Reuters, the leaked material reportedly included facility layouts, supplier information, inspection records, and equipment assessment documents.
Situated in Tamil Nadu, Kudankulam is India's largest nuclear power station, with a planned generation capacity of 6,000 MW.
Reuters, citing one of the plant's contractors, reported that a third-party data centre hosting some of the contractor's servers experienced a partial data breach. However, the contractor did not disclose the exact nature of the compromised information.
The report also noted that while the leaked documents appeared to contain technical records and supplier-related data, their authenticity could not be independently confirmed. It further stated that there was no indication that the files were connected to the reactor's core systems, which were supplied by Russia's state-owned nuclear company, Rosatom.
World Leaks is known for stealing corporate data and publishing it online when organisations decline to meet its ransom demands. The group's website is accessible only through specialised browsers commonly used to access the dark web.
This is not the first cybersecurity incident involving the Kudankulam plant. In 2019, NPCIL confirmed that malware had been detected on one of its computers but maintained that the nuclear plant's operational systems remained unaffected.
