Whistleblowers have exposed critical security failures in the UK’s GOV.UK One Login digital ID system, revealing vulnerabilities that compromise security and data protection. These flaws, allegedly embedded since the system’s launch, pose significant risks, including potential data breaches.
A security expert from the Government Digital Service (GDS), part of the Department for Science, Innovation and Technology, first raised these concerns in 2022. Despite reporting through proper channels, the whistleblower’s warnings were ignored, leaving the system’s serious vulnerabilities unaddressed and heightening the risk of exploitation.
Infowars.com reports: Another threat from more than half a million system vulnerabilities that they said were identified is identity theft. At this time, some three million people in the UK use the system to access 50 government services.
BYPASS THE CENSORS
Sign up to get unfiltered news delivered straight to your inbox.
You can unsubscribe any time. By subscribing you agree to our Terms of Use
The security expert, whose identity has not been revealed in reports about the brewing scandal, asserted that thousands of vulnerabilities identified were rated as either critical or high.
Iran Release Proof Israel Planning 'Worse Than 9/11' False Flag on U.S. to Destroy Trump's Ceasefire
The whistleblower’s account of the events suggests the authorities went for a slapdash approach to setting up the digital ID infrastructure, not only from the technical but also from the policy point of view.
“Basic” governance and risk management were not in place, according to the source, while the £330 ($436.70) million in funding arrived thanks to the business case that featured “misleading claims” regarding the quality of the scheme’s security.
And when the decision was made to outsource development to Romania, it came without GDS CEO’s approval, and without consultation with the National Cyber Security Center (NCSC).
It gets worse from here: the chief information security officer for GDS later carried out an investigation that reportedly confirmed the problems – only for the agency to decide not to mention this, when responding to a letter an MP sent to the Cabinet Office, asking about One Login’s security problems.
That MP appears to be the one the whistleblower previously contacted with their information, after waiting 18 months for the problems to be addressed by GDS.
But GDS did take some action – against the whistleblower.
Even though the MP was informed in line with the Public Interest Disclosure Act that should have protected the security expert, he faced disciplinary action.
At this time, the Department for Science, Innovation and Technology continues to claim that One Login is “secure.”
