The Kudankulam nuclear data breach has exposed sensitive files linked to India’s largest nuclear power plant, sending shockwaves through the country’s energy and cybersecurity sectors. Anil Ambani’s Reliance Group confirmed a “partial breach” of its data stored on servers managed by third-party data centre provider Yotta. The Indian government has been informed.
What You Need To Know
- Reliance Group confirmed a “partial breach” of data held on Yotta’s servers
- Exposed files are linked to Kudankulam Nuclear Power Plant, India’s largest, with a capacity of 6,000 MW
- Yotta, a third-party Indian data centre provider, hosted the compromised server
- Indian government has been notified; investigation is actively underway in 2026
Kudankulam Nuclear Data Breach: What Actually Happened
The Kudankulam nuclear data breach came to light when files tied to the Tamil Nadu-based power plant surfaced after a security incident on a Yotta-hosted server. Reliance Group, acting as a contractor for the plant, issued a statement to Reuters confirming the partial exposure. Yotta Infrastructure operates one of India’s largest commercial data centre networks. Reliance stopped short of detailing the exact nature or volume of the files compromised, but the government notification signals the breach is being treated as a serious national security matter.

Why the Kudankulam Nuclear Data Breach Matters for India
The Kudankulam nuclear data breach strikes at one of the most sensitive points in India’s critical infrastructure. Kudankulam Nuclear Power Plant, built with Russian collaboration under Nuclear Power Corporation of India Limited (NPCIL), supplies 6,000 MW of electricity to southern India’s grid. Any exposure of contractor data, including engineering documents, vendor agreements, or access protocols, creates direct risks for plant operations, national security planning, and India’s long-standing civilian nuclear programme with international partners.
India’s data centre sector is under immediate scrutiny. Yotta Infrastructure, backed by Hiranandani Group, markets itself as a top-tier colocation provider for enterprise and government clients. A breach at this scale raises hard questions about how critical national infrastructure data ends up on commercial third-party servers with inadequate protection. Telecom and IT ministries are now expected to push for stricter mandates on where contractors to government and public sector entities are permitted to store sensitive project data.
“Storing nuclear contractor data on a commercial third-party server without air-gapped security controls is a fundamental architecture failure. India needs legally binding data residency and classification rules for critical infrastructure contractors, not voluntary guidelines.” — Cybersecurity Industry Expert, Critical Infrastructure Sector
What Happens Next After the Kudankulam Nuclear Data Breach
Reliance Group has confirmed it notified the Indian government, which means both the Department of Atomic Energy and the Computer Emergency Response Team of India (CERT-In) are expected to be active in the response. Investigators will focus on the scope of files exposed, how long the data sat vulnerable, and whether any unauthorized third parties accessed or copied the information. Yotta Infrastructure faces immediate questions from regulators. The Kudankulam nuclear data breach will accelerate demands for mandatory security audits of all data centre providers holding government-linked project files. Watch for a formal government statement within days.
Sources: TRAI ↗ | COAI ↗ | DOT ↗ The Economic Times; Reuters (cited within source report)
People Also Ask
- What is the Kudankulam nuclear data breach and how did it happen? The Kudankulam nuclear data breach involved sensitive files linked to India’s largest nuclear plant being exposed after a security incident on servers operated by data centre provider Yotta, used by Reliance Group as a contractor for the plant.
- Who is responsible for the Kudankulam nuclear data breach? Reliance Group acknowledged a partial breach of its data on Yotta-hosted servers. Yotta Infrastructure managed the affected server. Investigators are still determining the full chain of responsibility and whether external actors accessed the data.
- How will the Kudankulam nuclear data breach affect India’s nuclear security policies? Expect stricter government mandates on data storage for critical infrastructure contractors. CERT-In and the Department of Atomic Energy are likely to push for mandatory security audits and restricted use of commercial third-party servers for sensitive project data.





