In May 2017, Centre for Internet and Society (CIS) published a study that said that the data of over 130 million Aadhaar card holders had been leaked from just four portals for National Social Assistance Programme, National Rural Employment Guarantee Scheme, Chandranna Bima Scheme and Daily Online Payment Reports of NREGA. The leaked data included Aadhaar numbers as well as personally identifiable data associated with it and bank account numbers.
This was just the data leaked from 4 government websites.
The UIDAI’s response was predictable for India. The researchers were threatened with legal action for accessing the information. However, the information was publicly available and in fact, indexed by search engines as several people verified and openly criticized on social media.
This sort of information can easily be misused by scammers to pose as official representatives of the UIDAI or bank or the scheme for which they were eligible in order to extract an OTP to authorize transfer of money from accounts linked with their Aadhaar.