Experts fear Sir Keir Starmer’s Brit Card scheme will open the door for cyberhackers (Image: GETTY)
Sir Keir Starmer’s flagship digital ID card scheme could expose every UK adult to a “nightmare” breach, with hackers potentially ransacking a central database of 50 million records in a single swoop, a cybersecurity expert has warned. Graeme Stewart, head of public sector at Check Point Software Technologies, described the so-called “Brit Cards” as a “honeypot” for cybercriminals, far more attractive to them than past scandals like the NHS hack.
He told Express.co.uk: “The main difference is scale and comprehensiveness. That makes it extremely attractive to hackers, not just for the individual data but because it can be resold, weaponised in scams, or used for identity fraud.” Sir Keir unveiled the plans at the Global Progress Action Summit in London today, flanked by Australian Prime Minister Anthony Albanese and Canadian counterpart Mark Carney. The scheme requires all adults to hold free digital IDs, stored in a GOV.UK wallet app, which employers and landlords would scan against a central database to verify rights to work or rent.
Watch live: Starmer addresses Global Progress Action Summit
Physical cards would cater to the digitally excluded, like pensioners, with perks like age-proofing for alcohol purchases. Setup costs are estimated at £140m-£400m, with annual running costs up to £10m.
Mr Stewart said: “The nightmare scenario would be a single breach exposing the entire population, undermining trust in banking, Government services, and digital infrastructure.”
To avert this, he urged “security by design,” drawing on Estonia and India’s models, with robust encryption, access controls, and continuous monitoring.
He listed three must-have safeguards: “Strong authentication and access controls, such as multi-factor authentication and hardware-backed security keys; data encryption and privacy by design; continuous monitoring, auditing, and visible accountability.
“It’s not a simple choice [between centralised or decentralised]. The key step is to ensure secure interoperability during migration.”
Conservative Party Leader Kemi Badenoch (Image: Getty)
The rollout, needing fresh legislation and consultation, has sparked fierce backlash. A Big Brother Watch petition soared past 510,000 signatures, demanding its scrapping. Critics see it as a revival of Tony Blair’s axed 2010 ID scheme, repackaged for a surveillance-wary age.
Jasleen Chaggar, Legal and Policy Officer at Big Brother Watch, said: “Amassing vast amounts of data in centralised Government databases will be a goldmine for hackers and malign actors with catastrophic consequences for millions of ordinary people.
Meanwhile James Baker, platform power programme manager at the Open Rights Group, warned of systemic risks. He said: “A centralised system risks outages or increases vulnerability to cyberattack from a hostile state actor which could significantly harm the UK.
“We’ve witnessed chaos at airports when Border systems fail. When everyone is required to use a centralised system to work or rent then any problems will have widespread social and economic costs.”
Reform UK leader Nigel Farage (Image: Getty)
Etienne Koeppel, programme officer at Article 19, took aim at broader implications. Ms Koeppel said: “The Brit Card isn’t about convenience, it’s about control.
“A mandatory digital ID risks turning every citizen into a data point to be tracked, monitored, and potentially manipulated. While digital ID systems can create a single point of failure that cybercriminals will inevitably target, the deeper issue is how this system could enable sweeping surveillance powers and violate people’s privacy.
“It fosters a climate of distrust, where individuals are treated as suspects until verified by the state.”
The UK’s glitchy digital record fuels these fears. The eVisa system’s glitches have stranded travellers, while the Post Office Horizon scandal wrecked lives through unchecked flaws.
Sir Keir has pitched the IDs as a fix for the “shadow economy,” amid 1,157 small boat arrivals last week alone. Sir Keir said: “I know working people are worried about the level of illegal migration into this country.”
In a Telegraph op-ed yesterday, he pledged: “This Government will make a new, free of charge, digital ID that will be mandatory for the right to work by the end of this Parliament.”
Speaking at today’s launch, he said: “Let me spell it out, you will not be able to work in the United Kingdom if you do not have digital ID.
“It’s as simple as that because decent, pragmatic, fair-minded people, they want us to tackle the issues that they see around them.”
However, Tory leader Kemi Badenoch, Tory leader, called it a “desperate gimmick that will do nothing to stop the boats.” Reform UK leader Nigel Farage dubbed it a “cynical ploy”.
Liberal Democrats fear digital exclusion for the poor and elderly while Michelle O’Neill, Northern Ireland’s First Minister, branded it “ludicrous” and anti-Good Friday. The Tony Blair Institute, while backing it as a “gateway to government services,” stresses responsible rollout.
With Parliament poised for debate—the petition’s threshold met—Sir Keir’s gamble hinges on proving safeguards outweigh risks. A YouGov poll once showed 54% backing IDs, but public faith could crumble if breaches hit headlines – and a petition on the government’s own website opposing their introduction is rapidly closing in on a million signatures.
