NPCIL: No sensitive data breach at Kudankulam Nuclear Power Project

Share:
Audio Loading voice…
NPCIL: No sensitive data breach at Kudankulam Nuclear Power Project

Synopsis

NPCIL has pushed back against alarm over a reported cyber incident at the Kudankulam Nuclear Power Project, insisting that accessed files belong to a contractor's conventional Balance of Plant package — not reactor or nuclear security systems. With CERT-In now investigating, the episode raises fresh questions about supply-chain cyber risk at India's most ambitious nuclear site.

Key Takeaways

NPCIL confirmed no breach of sensitive data at Kudankulam Nuclear Power Project (KKNPP) following reports of a cyber incident involving a contractor's systems.
The exposed files reportedly relate to the Balance of Plant (BoP) package — conventional infrastructure with no connection to nuclear safety or security systems.
The BoP contract was awarded to Reliance Infrastructure Limited via public tender; the company secured the deal in 2018 for Units 3 and 4 .
NPCIL and CERT-In are jointly investigating the reported cyber incident.
Kudankulam currently runs two 1,000 MW VVER reactors and, once all six units are complete, will be India's largest nuclear power park at 6,000 MW .

The Nuclear Power Corporation of India Limited (NPCIL) on 16 July firmly denied any breach of sensitive data at the Kudankulam Nuclear Power Project (KKNPP) in Tamil Nadu, stating that information reportedly circulating in the public domain relates solely to conventional infrastructure and has no bearing on nuclear safety or nuclear security systems. The clarification follows reports of a cyber incident involving systems linked to a project contractor.

What NPCIL Said

Prateek Agarwal, Executive Director (Corporate Communications) at NPCIL, issued a formal statement clarifying the nature of the exposed data. According to the statement, the engineering, procurement, and construction contract for the project's common service facilities — referred to as the Balance of Plant (BoP) package — was awarded to Reliance Infrastructure Limited through a public tender process.

NPCIL stated that the scope of this contract covers conventional service facilities of the kind typically found in thermal power plants and other process industries. The corporation was categorical: these systems are not related to nuclear safety or nuclear security.

How the Contractor Drawings Were Created

As part of the public tendering process, NPCIL had shared indicative drawings and technical specifications with bidders. Based on these inputs, Reliance Infrastructure prepared detailed engineering drawings in consultation with original equipment manufacturers. NPCIL reviewed and accepted these designs only after verifying that they met all prescribed technical specifications.

Reliance Infrastructure had secured the BoP contract in 2018 for infrastructure works related to Kudankulam Units 3 and 4, which are currently under construction.

Cyber Incident Under Investigation

Reports had emerged that engineering project files linked to KKNPP were accessed following a cyber incident involving infrastructure associated with the contractor. NPCIL reiterated that the documents in question pertain only to conventional Balance of Plant facilities and do not concern reactor operations, nuclear safety systems, or any sensitive security infrastructure.

Investigations into the reported cyber incident are being jointly carried out by NPCIL and the Indian Computer Emergency Response Team (CERT-In). No timeline for the completion of the probe has been indicated.

About Kudankulam Nuclear Power Project

Kudankulam currently operates two 1,000 MW Russian-designed VVER reactors. Four additional units are under construction. Once all units are commissioned, the project is expected to become India's largest nuclear power park, with a total installed capacity of 6,000 MW. This is not the first time KKNPP has faced scrutiny over cyber security — in 2019, a separate malware incident at the plant drew national attention before authorities clarified that critical systems had not been compromised.

Point of View

But the contractor ecosystem is a different matter. CERT-In's involvement is the right step, but the absence of any disclosure timeline or independent audit commitment will do little to reassure a public that has seen this playbook before. India's expanding nuclear programme — six more units at Kudankulam alone — makes hardening the contractor supply chain an urgent, not optional, priority.
NationPress
16 Jul 2026

Frequently Asked Questions

Was sensitive nuclear data breached at Kudankulam Nuclear Power Project?
No, according to NPCIL. The corporation stated on 16 July that the information reportedly in the public domain relates only to conventional Balance of Plant infrastructure and has no connection to nuclear safety or nuclear security systems.
What is the Balance of Plant package at Kudankulam?
The Balance of Plant (BoP) package covers common service facilities — engineering, procurement, construction, and commissioning of conventional systems similar to those found in thermal power plants. NPCIL awarded this contract to Reliance Infrastructure Limited through a public tender process in 2018 for Kudankulam Units 3 and 4.
Who is investigating the reported cyber incident at Kudankulam?
NPCIL and the Indian Computer Emergency Response Team (CERT-In) are jointly investigating the reported cyber incident. No completion timeline has been publicly disclosed.
Has Kudankulam faced cyber security issues before?
Yes. In 2019, a separate malware incident at Kudankulam drew significant national attention. Authorities at the time clarified that critical and safety systems had not been compromised, a position similar to the one NPCIL has taken in the current episode.
What is the total planned capacity of Kudankulam Nuclear Power Project?
Kudankulam currently operates two 1,000 MW Russian-designed VVER reactors. With four additional units under construction, the project is expected to reach a total installed capacity of 6,000 MW, making it India's largest nuclear power park once fully commissioned.
Nation Press
The Trail

Connected Dots

Tracing the thread behind this story — newest first.

8 Dots
  1. Latest 2 months ago
  2. 4 months ago
  3. 7 months ago
  4. 7 months ago
  5. 8 months ago
  6. 9 months ago
  7. 1 year ago
  8. 1 year ago
Google Prefer NP
On Google