News From Multiple Perspectives

NPCIL confirms Kudankulam project data breach, denies nuclear safety risks

Published July 16, 2026 at 12:33 AM UTC

Authored by
Every article published on DirectionFreeNews undergoes editorial review by our editorial team. Our editors research publicly available information from multiple trusted news organizations, compare differing perspectives, verify key facts, and publish balanced summaries intended to help readers better understand important events. Our editorial process is designed to reduce editorial bias by considering multiple reputable sources rather than relying on a single viewpoint

The Nuclear Power Corporation of India Limited (NPCIL) has officially addressed reports of a data breach involving the Kudankulam Nuclear Power Project. On July 15, 2026, the state-run operator clarified that while files related to the project were accessed by a ransomware group, the incident does not compromise the facility's nuclear safety or security systems. The leaked documents, which were posted on the dark web, reportedly originated from a third-party server managed by a contractor, Reliance Infrastructure, rather than from the plant's internal network.

NPCIL stated that the exposed information pertains strictly to the conventional balance of plant common service facilities for Units 3 and 4, which are currently under construction. These systems, which include standard infrastructure like ventilation and cooling support, are common to many industrial projects and are not integrated with the plant's sensitive nuclear reactor controls. The corporation emphasized that the core operational systems, supplied by Russia's Rosatom, remain entirely separate and untouched by the incident.

Reliance Infrastructure, which was contracted in 2018 to build infrastructure for the project, confirmed a partial data breach on a server hosted by its third-party provider, Yotta Data Services. The company reported that the suspicious activity was identified and contained, with security protocols now enhanced. Both NPCIL and the contractor have informed relevant authorities, including India's Computer Emergency Response Team (CERT-In), to conduct a thorough investigation into the extent of the exposure.

While the breach has raised public concern, officials maintain that the incident is a matter of corporate data security rather than a failure of national nuclear infrastructure. The public can expect continued monitoring as authorities review the security practices of third-party vendors involved in critical projects. For now, the focus remains on ensuring that all contractors adhere to strict cybersecurity standards to prevent future unauthorized access to project-related documentation.