Ease My PrepEase My Prep
All Articles
Science & TechThe HinduEditorial17 July 2026

Wealth of lacunae: On the Kudankulam nuclear plant data leak

Practice PYQs on this topic

500+ questions on Science & Tech with explanations

Open App

📌 Summary:

  • A ransomware group called ‘World Leaks’ compromised systems of Reliance Infrastructure, an engineering contractor for Units 3 and 4 of the Kudankulam Nuclear Power Plant; data was hosted by Yotta Data Services, which detected suspicious activity on May 29, 2026
  • ~14.3 GB of files were released from June 11, including ventilation layouts, floor plans of an alleged control room, supplier/vendor lists and insurance paperwork (not independently authenticated)
  • NPCIL issued a formal clarification only on July 15 — a long disclosure lag — stating the facility’s nuclear island and core operational network were unaffected; only non-nuclear peripheral infrastructure data was involved
  • Causal chain of India’s weak breach-disclosure regime: (1) organisations fear a breach admission damages public confidence, share prices, contracts and invites regulatory scrutiny → they soften language and delay disclosure; (2) many treat cybersecurity as mere compliance, not necessity → lack mature incident-response capability → early-stage assessment of what data is affected becomes technically impossible
  • Even ‘‘non-critical’’ data (floor plans, control-room layouts, vendor lists) can aid ‘‘intelligence preparation’’ for future attacks
  • India is the third-most breached country; precedents include attacks on AIIMS Delhi, airlines and State government portals; the 2019 Kudankulam episode saw malware on the admin network
  • Solution: CERT-In (currently investigating) and NPCIL must clarify authenticity of files, whether data was exfiltrated before detection, and whether credentials/supplier accounts were exposed; ‘‘basic cyber-hygiene and proactive communication are non-negotiable’’

🎯 UPSC Relevance: GS3 Internal Security — cyber security of critical information infrastructure; India’s breach-disclosure framework and CERT-In’s role.

📝 Prelims Facts:

  • Kudankulam NPP is operated by NPCIL; Units 3 & 4 are under construction with Russian (Rosatom) collaboration
  • CERT-In is India’s national nodal agency for cyber incident response (under MeitY)
  • The 2019 Kudankulam incident involved DTrack malware on the administrative network

🔑 Key Term: Intelligence Preparation — using seemingly non-sensitive leaked data (layouts, vendor lists) to map a target and plan a future physical or cyber attack.

Kudankulamcyber securityCERT-InNPCILransomware

UPSC Classification

Prelims (GS1)
Mains
PrelimsMains

See PYQs related to “Science & Tech

Every classification tag above links to actual UPSC questions asked on that topic — with answer, explanation and elimination logic. Only in the app.

Download App