• NPCIL Clarifies Kudankulam Leak Involves Contractor Data, Not Nuclear Systems

New Delhi: The Nuclear Power Corporation of India Limited (NPCIL) has dismissed reports of a “sensitive data breach” at the Kudankulam Nuclear Power Project (KKNPP), asserting that the country’s largest nuclear power plant has suffered no compromise of its nuclear safety, security or reactor control systems.

The clarification comes after reports claimed that a ransomware group had leaked nearly 19,000 project-related documents allegedly linked to the Kudankulam Nuclear Power Project on the dark web, raising concerns over the cybersecurity of India’s strategic nuclear infrastructure.

Leak Limited to Conventional Project Data

In an official statement, NPCIL said the information reportedly circulating in the public domain pertains only to the Common Services–Balance of Plant (BoP) package for Kudankulam Units 3 and 4. According to the corporation, these facilities are conventional in nature and are commonly found in thermal power stations and other industrial projects.

NPCIL stressed that the leaked material has no connection with nuclear safety systems, reactor operations, nuclear security infrastructure or any sensitive nuclear information.

No Threat to Plant Operations

The corporation clarified that the Engineering, Procurement and Construction (EPC) contract for the Common Services-BoP package was awarded to Reliance Infrastructure in 2018 through an open tender process.

As part of the bidding process, NPCIL had shared only indicative technical specifications and drawings with bidders. The detailed engineering drawings were later prepared by the contractor in consultation with equipment manufacturers and approved by NPCIL after technical review.

The utility maintained that the alleged breach does not affect the functioning or safety of the operational nuclear reactors at Kudankulam.

Contractor’s Server Reportedly Targeted

The controversy surfaced after reports claimed that ransomware group World Leaks had published around 19,000 files, amounting to nearly 14 GB of data, allegedly obtained from servers associated with Reliance Infrastructure, one of the contractors involved in the construction of Kudankulam Units 3 and 4.

The leaked documents reportedly include engineering drawings, inspection records, supplier information, insurance papers and layouts related to conventional infrastructure. However, there is no indication that reactor design data or core nuclear systems were exposed.

Reliance Infrastructure Confirms Partial Data Breach

Reliance Infrastructure has acknowledged that a partial data breach occurred involving data hosted on servers managed by a third-party data centre. The company said the matter has been reported to the concerned government authorities and an investigation is underway.

The data centre operator had earlier stated that suspicious activity on one of the hosted servers was detected and contained before the ransomware attack could fully execute. Nevertheless, cybercriminals later claimed to possess project-related files.

CERT-In Monitoring the Incident

The Indian Computer Emergency Response Team (CERT-In), along with NPCIL and other agencies, is examining the incident to determine the extent of the breach and assess whether any confidential project information was exposed.

Officials have reiterated that the country’s nuclear facilities continue to operate safely and that critical reactor systems remain isolated from external networks through multiple layers of cybersecurity.

Background

Located in Tamil Nadu, the Kudankulam Nuclear Power Plant is India’s largest nuclear power station. While Units 1 and 2 are operational, Units 3 and 4 are under construction with Russian collaboration and are expected to significantly enhance the country’s nuclear power generation capacity.

The latest episode has also revived memories of the 2019 malware incident at Kudankulam, when NPCIL had similarly clarified that only an administrative network had been affected while all operational reactor systems remained completely secure.

Leave a Reply

Your email address will not be published. Required fields are marked *