In a significant privacy breach, Companies House has suspended its online filing service after a glitch exposed sensitive information related to various businesses. This incident has raised alarm over the security of personal data, including directors’ home addresses, email addresses, and dates of birth, which could potentially be exploited for fraudulent activities.
Glitch Discovered and Immediate Action Taken
The vulnerability was first identified on Friday, 13 March 2026, when Dan Neidle, founder of Tax Policy Associates, alerted Companies House. He revealed that users could access confidential information by simply pressing the back button on their dashboard, a discovery that he described as “insane” given the ease with which the data could be accessed.
Neidle warned that if the glitch had been active for an extended period, the consequences could be dire. “People could gather enough information to impersonate a company or its directors,” he said. “They could even change the registered address to theirs, allowing them to receive important documents and, potentially, file false accounts.”
Companies House Responds
In response to this alarming breach, a spokesperson for Companies House confirmed the suspension of the WebFiling service while investigations are underway. “We are aware of an issue with our WebFiling service and have closed it while we investigate,” the spokesperson stated, adding an apology for any inconvenience caused to customers.
For those who may miss filing deadlines due to this disruption, Companies House reassured customers that they could file as soon as the service is restored. They also advised users to document any error messages they encounter as evidence.
Legal Implications of the Breach
The Computer Misuse Act 1990 outlines serious penalties for unauthorised access to computer systems, with a maximum prison sentence of two years for general offences. This can escalate to five years for accessing data with the intent to commit further crimes, such as fraud. Given the sensitive nature of the information involved, the implications of this breach are significant.
Companies House is responsible for maintaining records of over five million companies in the UK, including major corporations like AstraZeneca, Shell, and Tesco. This incident raises questions about the robustness of the security measures in place to protect such vast amounts of personal and corporate data.
Why it Matters
The suspension of Companies House’s filing service highlights critical vulnerabilities in the management of sensitive information. As businesses increasingly rely on digital platforms for their operations, the potential for data breaches poses a considerable risk not just to individual companies, but to the integrity of the entire corporate registration system. This incident serves as a stark reminder of the importance of stringent cybersecurity measures and the need for ongoing vigilance in safeguarding personal information from potential exploitation.
