(BRITAIN) – Britain’s planned digital ID system has come under sharper scrutiny after a leaked security assessment and whistleblower claims raised the prospect that the One Login platform could expose millions of people’s data. The government has kept backing the scheme, describing it as free, stored on people’s phones, and intended for all UK citizens and legal residents by the end of this Parliament.

Ministers also intend to tie the system to immigration and employment checks. Employers would face a “legal requirement” to check the digital ID as evidence of the right to work, under the government’s public explanation of how the scheme would operate.

The sharpest warnings came from senior civil servants who said they had identified flaws severe enough to let attackers compromise a system administrator, hijack a session, and reach sensitive code and data without triggering expected monitoring alerts. One whistleblower warning described the risk as “the worst data breach in UK government history.”

Leaked National Cyber Security Centre material added a wider set of risks. Those documents warned that One Login could create exposure to bulk theft of personal data, identity theft, government fraud, economic damage, and risks to people in witness protection, intelligence work, and foreign dissident communities.

The government’s public case for the system remains broad. It says the digital ID will carry a person’s name, date of birth, nationality or residency status, and a photo, and that the service will be protected with advanced security and encryption.

Officials have also said users will control when information is shared. If a phone is lost or stolen, the government says the digital credentials can be revoked and reissued, and that police will not be able to demand to see the digital ID.

That set of promises sits beside a more coercive use case in the same plan. The scheme is being presented as a convenience tool for people who want a digital credential on a phone, but it is also framed as an immigration-control measure because employers would have to rely on it for right-to-work checks.

Eligibility is narrow by design. Only UK citizens and legal residents would be able to hold the digital ID, a condition that places the system directly inside the country’s immigration and visa framework rather than treating it as a general-purpose identity product for everyone in Britain.

The link to right-to-work enforcement gives the proposal extra weight for visa holders and other lawful residents. A digital credential that carries nationality or residency status is not simply an optional app feature in that setting; it becomes part of the process employers use to confirm whether a person can work legally.

Critics have focused on the scale of the risks created by a central identity system. They argue that any large platform holding identity data becomes a high-value target for hackers, especially when it could affect millions of people and touch both government systems and private-sector checks.

They have also warned about function creep, the long-running concern that a database or credential introduced for one purpose expands into others. In this case, the initial public case joins convenience, proof of status, and employment checks, while critics say state access to personal data can move beyond the original purpose once a system becomes embedded.

The leaked material sharpened those concerns by describing harms that stretch well beyond ordinary account fraud. Risks to people in witness protection, intelligence work, and foreign dissident communities suggest a breach would not fall evenly across the population, and that exposure of identity data could carry personal and security consequences that differ from routine cyber incidents.

Government assurances address some of the practical questions likely to matter most to the public. A phone-based credential that can be revoked and reissued after loss or theft offers one answer to the problem of device security, while the pledge that police cannot compel someone to show the digital ID draws a line around one possible use of the system.

Yet the whistleblower allegations cut at the point where those reassurances matter most. If attackers could reach sensitive code and data without triggering expected monitoring alerts, as the civil servants alleged, the issue would not be whether individual users can choose when to share information, but whether the underlying platform can protect that information in the first place.

The clash also leaves the rollout timeline under closer watch. The government still says One Login will be available to all UK citizens and legal residents by the end of this Parliament, but the pressure created by the leak and the whistleblower claims is likely to focus attention on any changes to the project’s scope, pace, or security design.

Future government responses will draw scrutiny on a narrower set of points already visible in the plan: how ministers answer the leaked security assessment, whether they alter any proposed uses tied to immigration and employment checks, and how clearly they explain data protection, user control, and the revocation process for lost or stolen phones.

For now, Britain’s digital ID push stands on two competing accounts that come from the same project. One presents One Login as a free, encrypted credential that gives users control over their information and a way to prove status on a phone; the other warns that severe flaws could expose sensitive code, data, and some of the most vulnerable people in the country.