Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government whether the National Cyber Security Centre has warned about shortcomings with the One Login system, including risks of bulk personal data breach and mass impersonation fraud; and whether such warnings were shared with the Infrastructure and Projects Authority or the Cabinet Office Audit and Risk Committee.

The GOV.UK One Login programme works closely with the National Cyber Security Centre (NCSC) to identify and mitigate risks and align to the Cyber Assessment Framework (CAF). NCSC advises One Login on any key risks which should be prioritised as part of our security efforts. This independent review by NCSC is something we encourage and have continued to prioritise since the programme was established. As a Government Major Projects Portfolio programme (GMPP), the programme is subject to regular internal and external scrutiny and reporting. The Infrastructure and Projects Authority has reviewed the programme positively in the last three Assurance Gateway Reviews.