**
In a startling revelation, UK companies are now being advised to scrutinise their registered details following a significant security lapse at Companies House. A glitch that occurred during a system update potentially allowed users to access and modify sensitive information from other firms, including personal details of directors. The issue, which has raised eyebrows among business owners, highlights the urgent need for vigilance in data management.
The Incident Unfolded
Companies House, the official government body responsible for the registration and dissolution of limited companies in the UK, experienced a significant security breach when their WebFiling system was updated in October 2025. Users who were logged in could inadvertently view and even edit details from other companies. This encompassed sensitive information such as directors’ home addresses and email accounts, all without consent.
The glitch was first reported to Companies House on Thursday by John Hewitt, a representative from Ghost Mail, who discovered the vulnerability while trying to access his own company’s dashboard. Upon pressing the back button multiple times, he found himself viewing another company’s information. Alarmed, he promptly alerted both Companies House and Tax Policy Associates, an independent think tank.
Rapid Response from Companies House
Upon learning of the breach, Companies House took immediate action. The WebFiling system was temporarily shut down on Friday to facilitate a thorough investigation. By Monday, the agency announced that the issue had been resolved, although it reassured the public that no passwords had been compromised.
Andy King, the chief executive of Companies House, issued an apology, stressing the organization’s commitment to safeguarding the data entrusted to them. “We take our responsibility to protect the data entrusted to us extremely seriously,” he stated, adding that the incident had been reported to the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC). King assured affected parties that the agency was dedicated to supporting them during this time.
What Data Was Affected?
The investigation revealed that specific personal data, including dates of birth and residential addresses, may have been accessible to other users logged into the WebFiling system. Furthermore, there is a possibility that unauthorized filings—such as accounts or changes of directors—could have been made on another company’s record. However, Companies House clarified that no existing filed documents, like accounts or confirmation statements, could have been altered.
The ICO has confirmed it is monitoring the situation and has advised business owners to consult their SME hub for further guidance. Companies can expect correspondence at their registered email addresses, detailing how to verify their information and what steps to take if any anomalies are detected.
Steps for Businesses to Take
In light of this incident, business owners are urged to promptly check their registered details on the Companies House website. Any discrepancies or concerns should be reported directly to the agency, including evidence of the issue.
This proactive approach will not only help safeguard individual businesses but also reinforce confidence in the integrity of the Companies House system as a whole.
Why it Matters
This incident serves as a stark reminder of the vulnerabilities that exist within digital systems and the importance of ongoing vigilance in data security. For businesses, especially small and medium-sized enterprises, a breach can lead to significant reputational damage and financial loss. By taking immediate steps to verify their information and report any concerns, companies can better protect themselves against potential risks and ensure that their data remains secure. The Companies House glitch underscores the need for robust cybersecurity measures and awareness across the business landscape, reminding us all that in today’s digital age, safeguarding sensitive information is more crucial than ever.
