Experts have warned that the government's upcoming digital ID system could become a prime target for phone thieves, as the data stored on devices becomes increasingly valuable. The digital IDs, announced by Sir Keir Starmer in September and due for rollout in 2029, will be stored as an app on users' phones and contain personal information including name, date of birth, nationality, residency status and a photograph.
James O'Sullivan, founder of smartphone security firm Nuke From Orbit, said criminals are already stealing phones primarily for the data they contain. He warned that digital IDs would provide strong proof of identity, potentially enabling fraudsters to impersonate victims or open bank accounts in their names. The government has stated that digital credentials can be quickly revoked if a phone is lost or stolen, but O'Sullivan stressed that thieves would have a window of opportunity before the device is disabled.
Action Fraud reported that between December 2024 and February 2025, £641,208 in phone theft fraud was recorded. O'Sullivan noted that thieves often have a few hours to access bank accounts and transfer money before victims can act. He does not expect an immediate surge in thefts but believes that as digital IDs become more widely used for identification, the financial incentive for criminals will increase, potentially leading to more thefts.
Aditya Hindocha of device protection provider SquareTrade said the data on a single phone has become far more valuable than the device itself. He added that digital IDs would concentrate this value further, making devices more attractive to sophisticated criminals. SquareTrade data showed the UK had the highest rate of phone theft in Europe this summer, accounting for 37% of all theft and loss claims.
Cybersecurity expert Nick Ellison said the exact encryption methods for digital IDs are not yet known, but he expects them to be stored securely. He suggested that people who do not use PIN codes or passwords on their devices would be most at risk. O'Sullivan emphasised that while the government will follow best practices at launch, it must continue to update security measures as technology evolves to avoid replacing current risks with new ones.
