A harsh reminder that actually protecting the networks which details get fired over is difficult enough, even for the most secure of companies.
What makes the government think that it's ID-transferral infrastructure will be any less vulnerable? Or any less of a target? (Heh). And with a bank card, I can "simply" replace a card whose details have been stolen. What happens if, say, 5 million ID biometric details get compromised? Will I be paying 100 quid to get a new one? Would there be any point, seeing as it would be keyed to my biometrics?
I suspect there's a unique key associated with each card issued, so cards can be "cut off", etc. But I haven't seen anything yet about this level of contingency. Too many unanswered questions.