Investigations by the English daily revealed that the racket is six months old and was started as a WhatsApp group. The group targeted operators of Common Service Centres Scheme (CSCS), offering them access to UIDAI data.

CSCS operators were initially assigned the task of making Aadhaar cards, but in November last year the service was restricted to post offices and designated banks.

New Delhi-based Gopal Krishan, who is convenor of the Citizens Forum for Civil Liberties, told The Tribune that the leakage means Aadhaar has "failed the privacy test... proposed data protection law will now hold no purpose as the data has already been breached."

On 20 November 2017, UIDAI had said in a statement, “The Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.”