Union Science Minister Jitendra Singh said no sensitive nuclear data from the Kudankulam plant was compromised, dismissing recent ransomware claims. The Nuclear Power Corporation of India clarified that the leaked files relate only to the conventional Balance of Plant contract, not to nuclear safety or security systems.

Key Takeaways

  • No sensitive nuclear data from Kudankulam was leaked
  • Leaked files pertain only to conventional Balance of Plant contracts
  • Government and NPCIL continue cyber‑security investigations

New Delhi – Union Science Minister Jitendra Singh on Thursday asserted that no sensitive information from the Kudankulam Nuclear Power Plant (KKNPP) was compromised, refuting recent claims by the ransomware group ‘World Leaks’. The minister emphasized that nuclear safety and security data remain intact.

Ransomware Allegations and NPCIL’s Clarification

‘World Leaks’ alleged that it accessed over 19,000 files, including engineering blueprints, vendor details, and meeting records spanning 2016 to mid‑2025. In response, the Nuclear Power Corporation of India Limited (NPCIL) clarified that the exposed documents are limited to the engineering, procurement and construction (EPC) contract for the plant’s conventional Balance of Plant (BoP) package. These facilities are typical of thermal power stations and other process industries, not of nuclear safety‑critical systems.

Strategic Importance of Kudankulam

Located in Tamil Nadu, Kudankulam houses six Russian‑designed VVER pressurised water reactors. Two units are operational, while Units 3 and 4 are under construction and slated to start by 2027. The plant is a cornerstone of India’s clean‑energy strategy, reducing dependence on fossil fuels and bolstering grid reliability.

Broader Cyber‑Security Implications

Although NPCIL insists that no nuclear‑related data was leaked, cybersecurity experts warn that engineering schematics and supply‑chain information can still be valuable to hostile actors targeting ancillary infrastructure or contractors. The incident underscores the growing attack surface of critical energy assets in an increasingly digitised world.

Ongoing Investigation and Corporate Response

India’s Computer Emergency Response Team (CERT‑In) and NPCIL are jointly investigating the breach. Reliance Infrastructure Limited, which won the BoP contract in 2018 through a public tender, acknowledged a partial data breach involving a server hosted by third‑party data‑centre provider Yotta, and confirmed that the government has been notified.