CDSL and NSDL maintain backups of all investor data across different locations. These backups are regularly updated.
SEBI has mandated strict cybersecurity protocols for depositories, including disaster recovery mechanisms.
Registrar and Transfer Agent also maintains shareholding data. RTAs are appointed by companies and mutual funds to maintain records of investors and manage their transactions.
Regarding Zerodha specifically, brokers maintain their own records and also have to report to depositories and exchanges. Also reinforced by backups and disaster recovery mechanisms.
Here are the older threads where Nithin also shared some views,
)