Companies House Security Glitch

On Friday, 13 March 2026, Companies House identified a security glitch in its WebFiling system, which allowed users with access to WebFiling services to view sensitive private information of directors from other registered companies by entering another company number.

The exposed information included:-

• dates of birth;

• residential addresses; and

• company email addresses.

Additionally, it may have been possible to make unauthorised filings, such as changes to accounts or directors. This vulnerability was not accessible to the general public but was limited to WebFiling users.

The issue reportedly originated from an update to the WebFiling system in October 2025. As of Monday, 16 March 2026, Companies House reported no confirmed cases of unauthorised data access or changes, although investigations are ongoing.

Recommendations for Companies

To mitigate risks, companies are recommended to take the following steps as a matter of urgency:

1. Review registered details on the company WebFiling: Verify that all company details and director information is accurate.

2. Review filing history: Conduct a review of the filing history to ensure no unauthorised submissions have been made. This is crucial for identifying potential breaches and taking corrective action.

3. Report concerns: Any discrepancies or concerns should be reported to Companies House immediately at enquiries@companieshouse.gov.uk using ‘WebFiling issue’ in the subject heading and include evidence to describe the concern.

Although Companies House has confirmed no verified cases of misuse so far, the full impact of the WebFiling glitch is still under investigation. Taking a few minutes to review your company information now can help identify any irregularities early and ensure they are addressed promptly.