| Relevance: GS-III (Internal Security, Cyber Security, Energy Infrastructure) | Source: MeitY & Security Reviews, 2026 |
Kudankulam Data Leak: Are India’s Nuclear Plants Safe from Cyberattacks?
1 · What is the news in simple words?
| Recently, reports revealed that highly sensitive engineering blueprints of the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu were leaked onto the dark web by a ransomware extortion group called World Leaks.
This caused major alarm across the country! However, there is a catch: the hackers did not hack the nuclear plant itself. Instead, they stole the data by hacking into a server belonging to a third-party private contractor (Reliance Infrastructure) that was helping build parts of the plant. Let us break down what this means for your UPSC preparation! |
2 · What Was Leaked and Are We Safe?
| Whenever a cyberattack touches critical infrastructure like atomic energy, it is natural to worry. Here is a clear picture of what was actually exposed versus what remained safe: |
|
What Got Leaked?
Support System Blueprints
Over 19,000 files related to Kudankulam were exposed. These include floor layouts, cooling systems, and ventilation designs for conventional buildings (known as the Balance of Plant), dating from 2016 to 2025.
|
What Stayed Safe?
The Core Nuclear Reactor
NPCIL confirmed that the active nuclear reactors and core safety controls were completely untouched. Why? The reactor cores are built with Russia’s Rosatom and operate on totally isolated, closed networks!
|
|
The Real Danger
Mapping Vulnerabilities
Even though the radioactive core is safe, leaking detailed floor plans gives hostile countries or terrorists a ready-made “map” of our support systems, which could be used to plan future physical or cyber sabotage.
|
The Missing Link
Third-Party Contractors
This incident highlights a major loophole: while government reactors are tightly guarded, our private IT and construction contractors are “soft targets” with weaker cybersecurity!
|
- Not the First Time: Back in 2019, Kudankulam’s administrative computer network was hit by a malware called Dtrack, linked to a North Korean hacking group.
- The Way Forward: India urgently needs to mandate a ‘Zero-Trust’ cybersecurity framework not just for government plants, but for every single private contractor and vendor involved in national security projects.
| UPSC Prelims Quick Facts | ||||||||||
|
| MCQ Practice Question |
Q. With reference to India’s nuclear energy infrastructure and cybersecurity mechanisms, consider the following statements:
Which of the statements given above is/are correct? |
Answer: (b) 3 only
|
Start Yours at Ajmal IAS – with Mentorship StrategyDisciplineClarityResults that Drives Success
Your dream deserves this moment — begin it here.




