**
In a startling turn of events, UK companies are being urged to scrutinise their details following a significant security lapse on the Companies House platform that may have jeopardised the personal information of countless businesses. The incident allowed logged-in users to potentially view and alter sensitive data, including directors’ home addresses and contact details, without any authorisation. With this breach coming to light, business owners are on high alert, needing to act fast to safeguard their information.
The Security Breach Uncovered
Companies House, the official government body responsible for managing the registration of limited companies in the UK, confirmed the issue after it was reported on Friday. By Monday, the glitch had been resolved, but not without raising critical concerns regarding the safety of corporate data. Andy King, the chief executive of Companies House, expressed regret over the incident, stating that it had been duly reported to both the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC).
“Companies House takes its responsibility to protect the data entrusted to us extremely seriously,” King remarked. He assured the public that swift action had been taken to restore services and that they were committed to supporting those affected, reinforcing their dedication to maintaining the trust of the businesses they serve.
How the Glitch Occurred
The breach originated from an update to the WebFiling system, which allows UK company directors to submit essential legal documents like annual accounts. This update, implemented in October 2025, seemingly introduced the vulnerability that was uncovered by John Hewitt from the corporate services provider Ghost Mail.
Hewitt stumbled upon the flaw while attempting to access his own company dashboard; by repeatedly pressing the back button after trying to view another company’s details, he inadvertently gained access to that company’s dashboard. This alarming discovery prompted him to alert both Companies House and the independent think tank, Tax Policy Associates.
In response to these findings, Companies House immediately suspended the WebFiling system to conduct a thorough investigation, which revealed that certain personal data, such as dates of birth and residential addresses, could have been visible to unauthorised users.
What to Do Next
While Companies House has confirmed that passwords remained secure and sensitive identity verification data, such as passports, was not compromised, the potential for unauthorised filings—like changes to company accounts or directorships—has left many businesses anxious. Current reports suggest that no previously filed documents, including accounts or confirmation statements, could have been altered during this period.
In light of these developments, Companies House is advising all businesses to keep an eye on their registered email addresses for communications detailing how to verify their company information and what corrective measures to take if they suspect any issues. Business owners are encouraged to be proactive and report any discrepancies they might find.
Broader Implications in Cybersecurity
This incident is not an isolated case. The tech landscape has been rife with similar breaches, as evidenced by recent reports of banking apps leaking customer transaction details and significant hacks affecting millions across various sectors. With the surge in cyber threats, this serves as a stark reminder for businesses to bolster their cybersecurity measures.
Why it Matters
The implications of this glitch extend far beyond a mere technical error; they strike at the very heart of corporate trust and integrity. As businesses navigate an increasingly digital world, safeguarding sensitive information is paramount. This incident highlights the urgent need for companies to implement robust security protocols and remain vigilant in protecting their data. As the digital landscape continues to evolve, the importance of cybersecurity cannot be overstated—it is not just a technical necessity but a fundamental component of business resilience.
