Data Security, Security Operations, Government security

Companies House platform suffers security issue exposing director data

Security breach, system hacked alert with red broken padlock icon showing unsecure data under cyberattack, vulnerable access, compromised password, virus infection, internet network with binary code

Companies House, the UK's registrar of companies and directors, experienced a significant security issue that led to the temporary shutdown of its record-filing platform. A vulnerability exposed personal details of company directors and other sensitive data to logged-in users, according to a recent report by The Register.

The incident occurred on March 13 when the WebFiling service was taken offline at 1:30 p.m. UTC. A flaw introduced in October 2025 allowed any logged-in user to potentially view and modify hidden company details, including dates of birth and residential addresses. While the agency stated that passwords and filed documents were not compromised, and large-scale data extraction was unlikely, the possibility existed for unauthorized filings such as changes of director or accounts. The issue was brought to light by tax professional Dan Neidle, who demonstrated the vulnerability in a social media video.

Companies House has reported the incident to the Information Commissioner's Office and the National Cyber Security Centre. The agency is investigating whether the flaw was exploited and has pledged to take firm action against any unauthorized access.

Source: The Register

You can skip this ad in 5 seconds