The Unique Identification Authority of India – Aadhaar’s governing body – has filed a complaint against three companies for the unauthorised usage of biometrics stored by it, The Times of India reported on Friday. The complaint filed against Axis Bank, Suvidhaa Infoserve and eMudhra comes after UIDAI noticed 397 biometric transactions from an individual, according to the report.

Out of the transactions, 194 were performed through Axis Bank, while 91 and 112 were performed through Suvidhaa Inforserve and eMudhra. The UIDAI flagged the transactions after noticing that many of them were performed concurrently, indicating a common element behind the operations. An internal audit suggested that biometrics stored within the Aadhar systems were being used for the transactions. “The simultaneous multiple successful transactions and exact biometric match score in several successive transactions is not possible without use of stored biometrics,” a UIDAI official told the Times.

The complaint is currently being probed by the Delhi Police’s cyber crime cell. A spokesperson for Axis Bank said the transactions were tests performed by Suvidhaa Infoserve. “We would like to state that there is no financial loss caused by the testing done by Suvidhaa,” the spokesperson said. Suvidhaa Chief Executive Officer Paresh Rajde also said the transactions were tests, adding that a developer performing tests “sent four transactions concurrently, which is not allowed”. Rajde said his company was distributing Aadhaar-linked products on behalf of Axis Bank. However, eMudhra did not issue a statement on the matter.

The use of Aadhaar by the Centre and the private sector has prompted security and data privacy concerns by rights groups and activists. The Supreme Court on January 5 observed that that biometric data collection by private agencies for Aadhaar was not a good idea. The government has defended the practice saying it is commonplace and that the Centre had taken enough precautions to ensure that information was not misused.