CP
cyberpings
BreachesHIGH

Companies House - Security Issue Exposes Director Data

SCSC Media
Companies Housedata exposuredirector datavulnerability
🎯

Basically, a security flaw let some users see private information about company directors.

Quick Summary

A security issue at Companies House exposed sensitive data of company directors. This breach raises serious privacy concerns for those affected. The agency is investigating the incident and taking action.

What Happened

On March 13, 2026, the Companies House platform experienced a serious security issue that forced the temporary shutdown of its WebFiling service. This UK government agency, responsible for registering companies and their directors, reported that a vulnerability had exposed personal details of company directors to logged-in users. The flaw, which was introduced back in October 2025, allowed unauthorized access to sensitive information, including dates of birth and residential addresses.

The incident came to light when tax professional Dan Neidle demonstrated the vulnerability via a social media video. He showed how logged-in users could potentially view and even modify hidden company details. Although Companies House assured that passwords and filed documents were not compromised, the risk of unauthorized filings, such as changes to director information, raised significant concerns.

Who's Affected

The security breach primarily affects company directors whose personal information is stored on the Companies House platform. This includes a wide range of individuals, from small business owners to executives of large corporations. The exposure of sensitive data could lead to identity theft or other malicious activities, putting these individuals at risk.

Moreover, the issue impacts the integrity of the Companies House system itself. Trust in this platform is crucial for maintaining accurate corporate records, and such vulnerabilities can undermine public confidence in government services. The agency has stated it is taking this matter seriously and is conducting a thorough investigation.

What Data Was Exposed

The exposed data includes highly sensitive information such as:

  • Dates of birth of company directors
  • Residential addresses of directors
  • Potentially hidden company details that could be modified by unauthorized users

While no passwords or filed documents were compromised, the nature of the exposed data raises serious privacy concerns. The possibility of unauthorized filings, such as changing director information, could lead to significant legal and financial repercussions for those affected.

What You Should Do

If you are a company director registered with Companies House, it is crucial to remain vigilant. Here are some steps you can take:

  • Monitor your accounts for any unauthorized changes or filings.
  • Update your passwords and ensure they are strong and unique.
  • Stay informed about the investigation and any updates from Companies House.

Additionally, Companies House has reported the incident to the Information Commissioner's Office and the National Cyber Security Centre. They are investigating whether the flaw was exploited and have pledged to take firm action against any unauthorized access. Keeping abreast of these developments will be essential for affected individuals.

🔒 Pro insight: The vulnerability's potential for unauthorized filings highlights the need for robust security measures in government databases.

Original article from

SC Media

Read Full Article

Share

Related Pings

MEDIUMBreaches

Stryker - Restoring Ordering and Shipping Systems After Attack

Stryker is recovering from a cyberattack that disrupted its ordering and shipping systems. The company believes the threat is contained and is restoring operations. This incident highlights the importance of cybersecurity in healthcare.

Cybersecurity Dive·
HIGHBreaches

Data Breach - Marquis Exposes 672,000 Personal Records

Marquis has revealed a ransomware attack affecting over 672,000 people. Personal and financial data, including Social Security numbers, were stolen. This breach raises serious security concerns for those affected.

TechCrunch Security·
HIGHBreaches

Data Breach - Intuitive Hit by Phishing Attack

Intuitive has suffered a data breach following a phishing attack. Customer and corporate data were accessed, raising concerns about data security. The company assures that surgical systems remain unaffected.

SC Media·
HIGHBreaches

Data Breaches - UK Businesses Face Risks from Identity Security

UK businesses are facing significant risks of data breaches due to poor identity security practices. A recent report reveals that many organizations fail to deactivate ex-employee accounts promptly. This negligence, coupled with a rise in credential compromise incidents, puts sensitive data at risk. Immediate action is necessary to protect against potential breaches.

SC Media·
HIGHBreaches

Data Breach - Intuitive Suffers from Targeted Phishing Attack

Intuitive has reported a data breach due to a phishing attack, compromising sensitive customer and employee information. This incident underscores the ongoing cybersecurity challenges in healthcare. The company is taking steps to secure its systems and mitigate risks.

Security Affairs·
HIGHBreaches

Shadow AI Breach - SaaS Apps Enable Massive Data Exposures

A new report reveals how shadow AI in SaaS apps leads to massive data breaches. With 80% of incidents involving sensitive data, organizations must improve visibility and control.

SecurityWeek·