The Government Digital Service (GDS) was warned by the Cabinet Office and the National Cyber Security Centre (NCSC) that its One Login digital identity system had “serious data protection failings” and “significant shortcomings” in information security that could increase the risk of data breaches and identity theft.
Problems were subsequently confirmed by an internal investigation led by GDS’s chief information security officer (CISO). But when, soon after, an MP wrote to the Cabinet Office to enquire about potential issues around the information security of One Login, GDS did not mention any of the warnings in its response.
According to claims by a whistleblower, many of the security problems that were reported have yet to be resolved.
One Login is the government’s flagship system for securely accessing online public services, and underpins the Gov.uk digital wallet and the digital driving licence launched by technology secretary Peter Kyle in January this year as part of his new government digital strategy.
The whistleblower – who Computer Weekly has agreed not to name, but who has many years of cyber security experience and worked in a senior information security management role at GDS – first warned GDS leaders of serious cyber security problems with One Login in July 2022.
He says his warnings were not heeded, forcing him 18 months later to write to his MP to highlight the issues, citing the 1998 Public Interest Disclosure Act, which protects civil servants who...
By Matthew Knott and Nick Bonyhady April 19, 2025 — 5.54pm , register or subscribe to save articles for later. Save articles for later Add articles to your saved list and come back to them any tim...