Security
Security Breach at UK Companies House Exposes Sensitive Business Data
Companies House WebFiling Service Restored After Security Flaw Exposed Data
Companies House, a crucial British government agency responsible for managing the registry of all U.K. companies, has announced the reactivation of its WebFiling service. The service was temporarily shut down on Friday to address a security vulnerability that had been exposing companies’ information since October 2025.
An alert regarding the security flaw was raised by Dan Neidle, the founder of the non-profit organization Tax Policy Associates. Neidle took action after John Hewitt from Ghost Mail, who initially discovered the flaw, did not receive a response.
According to Neidle, the vulnerability allowed unauthorized access to the dashboards of the five million companies registered with Companies House. By simply logging in with personal details and selecting the option to “file for another company” using the target company’s number, users could gain access to sensitive company information.
The flaw, present for five months, exposed data including home and email addresses of management personnel from the registered companies.
Companies House acknowledged the security breach on Monday after restoring the WebFiling service and attributed the issue to an update in October 2025 that introduced the vulnerability.
The agency clarified that the flaw could only be exploited by logged-in users and would allow them to modify certain details of another company without authorization. However, the breach could only be utilized to access data and records on a single entry basis.
“Our investigation has revealed that certain non-public data of individual companies that are not typically disclosed on the Companies House register may have been visible to other users logged into WebFiling,” Companies House stated.
“This may include personal information such as dates of birth, residential addresses, and company email addresses. Unauthorized filings, such as accounts or changes in directorship, could have been potentially made on another company’s record.”
The agency confirmed that no user passwords were compromised, and information used for identity verification, like passport details, remained secure during the vulnerability period. Additionally, “no previously filed documents, such as accounts or confirmation statements, could have been tampered with.”
Companies House has reported the incident to the U.K. Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC) for further investigation. They are assessing whether the vulnerability was exploited to access or alter any company’s information.
“At this stage, we have not received any reports of unauthorized access or alterations to data,” Companies House assured in their statement. “Nevertheless, our investigation is ongoing, and we are committed to transparency throughout the process.”
Malware tactics are evolving. The Red Report 2026 delves into how new threats utilize advanced techniques to evade detection and remain undetected.
Explore our analysis of 1.1 million malicious samples to uncover the top 10 strategies and evaluate the effectiveness of your security measures.
The Future of Apple Design: Embracing Liquid Glass
Goldman Sachs pivots AI investments towards data center technology
Deputy PM: Fuel Rationing Not Currently Considered for Australia
The REAL reason you don’t get a charger anymore.
Security Breach at UK Companies House Exposes Sensitive Business Data
Strategies for Long-Term Business Security: 5 Essential Tips
Stealthy OpenClaw: Evading EDR, DLP, and IAM Undetected
Top 12 Essential Websites Every Student Needs in 2026
All-new BMW i3: Revolutionizing Electric Mobility with the Neue Klasse Concept
EU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
Warning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
Facebook Compliance: ICE-tracking Page Removed After US Government Intervention
Facebook’s New Look: A Blend of Instagram’s Style
InstaDub: Meta’s AI Translation Tool for Instagram Videos
Facebook and Instagram to Reduce Personalized Ads for European Users
Reclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
Meta discontinues Messenger apps for Windows and macOS
Breaking Updates: Meta Connect 2025 Unveils Latest Developments
The REAL reason you don’t get a charger anymore.
What you didn’t know about Xiaomi.
21 HORRIFIC Tech Fails they want you to forget.
Why does nobody buy LG Smartphones?
Can you ACTUALLY trust Mrwhosetheboss?
A Fascinating Smartphone Gadget – Insta 360 GO 2 😈
ROG Phone 5 Ultimate Unboxing – So Fast it’s Funny.
Oppo Find X3 Pro Review – wait WHAT!?
if smartphone commercials were EXTREMELY honest.
-
Facebook5 months agoEU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
-
Facebook5 months agoWarning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
-
Facebook5 months agoFacebook Compliance: ICE-tracking Page Removed After US Government Intervention
-
Facebook3 months agoFacebook’s New Look: A Blend of Instagram’s Style
-
Facebook5 months agoInstaDub: Meta’s AI Translation Tool for Instagram Videos
-
Facebook3 months agoFacebook and Instagram to Reduce Personalized Ads for European Users
-
Facebook3 months agoReclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
-
Apple5 months agoMeta discontinues Messenger apps for Windows and macOS
