Companies House Security Glitch Exposes Business Data, Urges Director Checks
Companies House Glitch Exposes Business Data, Urges Checks

Companies House Security Glitch Exposes Business Data, Urges Director Checks

Business directors across the UK are being urged to immediately verify their corporate details following a major security glitch at Companies House that potentially exposed millions of firms to fraud. The incident, which occurred on Friday, allowed unauthorized individuals to access and edit the data of other companies registered on the official corporate database.

Technical Failure Leads to Data Vulnerability

The glitch stemmed from a technical failure on the Companies House website, where users could exploit the back key function on the dashboard to gain access to other companies' confidential information. This security breach potentially affected all five million companies listed on the register, exposing sensitive director details including residential addresses, email contacts, and dates of birth.

Dan Neidle, founder of Tax Policy Associates and the individual who alerted Companies House to the vulnerability, issued a stark warning on social media platform X. "Anyone who owns a company should check its Companies House details right now," Neidle emphasized. He elaborated on the potential consequences, stating, "This could have been used to replace all the directors of Goldman Sachs with Mickey Mouse. However, cybersecurity experts believe sophisticated bad actors would more likely target limited numbers of small companies—changing office locations and directors, applying for fraudulent loans, and disappearing with the funds."

Immediate Response and Service Suspension

In response to the security breach, Companies House has temporarily suspended its WebFiling service while conducting a thorough investigation. A spokesperson for the organization confirmed on Friday evening, "We are aware of an issue with our WebFiling service and have closed it while we investigate. We apologize for any inconvenience to our customers."

The register has also provided guidance for businesses facing filing deadlines due to the service interruption. Companies House advises affected customers:

  • There is no immediate need to contact the register regarding missed deadlines
  • File documentation as soon as the service becomes available again
  • Take screenshots of any error messages encountered
  • Note the exact time and date of attempted filings
  • This evidence will be considered if filing becomes impossible

Legal Implications and Broader Context

The security incident carries significant legal implications under the Computer Misuse Act 1990. Unauthorized access to computer material can result in a maximum prison sentence of two years, with penalties increasing to up to five years if the access was intended to facilitate further offences such as fraud.

This marks the second major technical failure affecting UK institutions within a week, following Thursday's incident where Lloyds Banking Group customers reported seeing rogue transactions on their mobile banking applications. The consecutive security issues highlight growing concerns about digital infrastructure vulnerabilities in critical business and financial systems.

Business leaders and cybersecurity experts are now calling for enhanced security protocols and more rigorous testing of government digital services to prevent similar breaches in the future. The Companies House incident serves as a critical reminder for all business directors to regularly monitor their corporate registrations and maintain vigilance against potential identity theft and corporate fraud.