Companies House has confirmed a serious security issue in its WebFiling service that may have allowed logged-in users to view certain non-public information belonging to other companies and, in some cases, to make unauthorised changes. According to Companies House, the issue was introduced during a system update in October 2025 and was identified on Friday, 13 March 2026.
What Has Been Exposed?
The data included directors’ dates of birth, residential addresses and company email addresses. Companies House also said it may have been possible for unauthorised filings (including accounts or director changes) to be made on another company’s record.
The Good News?
Passwords were not compromised, identity verification data such as passport information was not accessed, and existing filed documents could not be altered.
WebFiling was taken offline at 1:30pm on Friday, 13 March and restored at 9am on Monday, 16 March, after independent testing. Companies House has reported the incident to the ICO and the NCSC and says it has no reports at this stage of data being accessed or changed without permission, although an investigation is ongoing.
A Word From the CEO
“I recognise that this incident will have caused concern and inconvenience to many of the companies and individuals who rely on our services”, said Andy King, Chief Executive Officer of Companies House. “I am sorry for that. […] We have taken swift action to secure and restore our service and are committed to doing everything in our power to support those affected and to make sure that our services continue to merit the trust placed in them.”
What Directors Should Do Now
Companies House suggests that all companies check their registered details and filing history to ensure everything appears correct, and to get in touch via enquiries@companieshouse.gov.uk if it doesn’t.
For further advice or to gain a better understanding of what has happened and why, don’t hesitate to get in touch with one of our dedicated partner firms.
