A vulnerability at a CDSL subsidiary, CDSL Ventures Limited, has exposed personal and financial data of over 4 crore Indian investors twice in a period of 10 days, according to startup CyberX9.