The UK governments flagship digital identity system, One Login, has faced sustained criticism over unresolved cybersecurity and data protection issues, stemming from whistleblower disclosures and internal assessments, Computer Weekly reports. A senior former information security manager at the Government Digital Service raised red flags in July 2022, citing a lack of basic safeguards, such as proper risk assessments and secure administration protocols. Despite confirmations from the National Cyber Security Centre and internal leadership of serious data protection failings and severe shortcomings, many issues remain unresolved, exposing over three million users to potential identity theft and fraud, according to the whistleblower. The whistleblowers attempts to escalate concerns were met with resistance and disciplinary threats, while senior GDS leaders downplayed internal oversight and offshored development without approval. A 2023 report by GDSs new chief information security officer warned of persistent high-risk vulnerabilities, inadequate security clearance for system access, and flawed assurance practices. A statutory data protection assessment has yet to be published.
