The Aadhaar data breach occurred due to exploitable software patches available for just $35, which allowed hackers to bypass biometric authentication and GPS tracking. These patches disabled iris scans and fingerprints for enrollment operators, meaning Aadhaar numbers could be generated from anywhere without verification. Government websites also provided unrestricted API access, allowing anyone with basic details to access Aadhaar information in violation of the Aadhaar Act.