CP
cyberpings
BreachesHIGH

Data Breach - UK's Corporate Registry Flaw Exposed Records

REThe Register Security
Companies HouseUK corporate registrydata exposuresecurity flaw
🎯

Basically, a flaw let company directors see private info from other companies.

Quick Summary

A serious security flaw in the UK's corporate registry exposed sensitive data of company directors. This breach raises concerns about data protection and trust in government services. Companies House has taken action to address the issue and is investigating potential misuse.

What Happened

On March 13, 2026, the UK's Companies House had to shut down its WebFiling service due to a significant security flaw. This issue allowed logged-in users to access and potentially modify confidential information from rival companies. The flaw was first reported by tax professional Dan Neidle, who demonstrated how easily it could be exploited on social media. Following this revelation, Companies House acted swiftly to secure the platform, bringing it back online by March 16.

The flaw stemmed from changes made to the WebFiling platform in October 2025. These changes inadvertently allowed directors to view hidden data from other companies by using the browser's back button after attempting to log in to another company's account. This could have led to unauthorized access to sensitive information, including dates of birth and residential addresses.

Who's Affected

The incident primarily affects company directors and businesses registered with Companies House. As the central registry for UK businesses, it holds sensitive data crucial for maintaining corporate integrity. Directors could have accessed the personal details of their competitors, leading to potential misuse of this information.

While the flaw was limited to individual records and did not allow mass data extraction, the implications of such a breach can be severe. Trust in the corporate registry is vital for maintaining a fair business environment. If directors exploited this flaw, it could undermine the integrity of the entire registry system.

What Data Was Exposed

The exposed data included sensitive personal information that is not typically available to the public. This includes:

  • Dates of birth
  • Residential addresses
  • Company email addresses

Although Companies House confirmed that passwords and identity verification documents were not accessible, the potential for unauthorized filings still posed a significant risk. The agency is currently investigating whether any unauthorized changes were made to company records during the time the flaw was active.

What You Should Do

If you are a company director or business owner, it is essential to stay informed about this incident. Here are some steps to consider:

  • Monitor your company records: Regularly check your business information on Companies House for any unauthorized changes.
  • Review security practices: Ensure that your company has robust security measures in place, especially regarding sensitive data management.
  • Stay updated: Follow Companies House announcements for any further developments related to this breach.

Companies House has committed to taking firm action if evidence of exploitation is found. They are also working closely with the Information Commissioner's Office and the National Cyber Security Centre to address the situation and enhance data protection measures.

🔒 Pro insight: The incident highlights critical vulnerabilities in government data management systems, necessitating immediate reforms to enhance security protocols.

Original article from

The Register Security

Read Full Article

Share

Related Pings

HIGHBreaches

Telus Digital Hack - ShinyHunters Claims Responsibility

Telus Digital has confirmed a data breach, with ShinyHunters claiming responsibility. Major businesses relying on their services may be at risk, facing potential data exposure and reputational damage. The investigation is ongoing, leaving many questions unanswered.

Cybersecurity Dive·
HIGHBreaches

Oracle EBS Hack - Corporate Giants Silent on Impact

A recent hacking campaign against Oracle EBS has left four major companies silent. Broadcom, Bechtel, Estée Lauder, and Abbott Technologies have not confirmed their status. This silence raises concerns about potential data breaches and impacts on stakeholders. Companies typically acknowledge such incidents, making their lack of response alarming.

SecurityWeek·
HIGHBreaches

Data Breach - Intuitive Surgical Cyberattack Exposed Data

Intuitive Surgical faced a cyberattack that compromised sensitive employee and customer data. This breach raises serious concerns about data security. Affected individuals should remain vigilant.

Cybersecurity Dive·
HIGHBreaches

Companies House Breach - Web Glitch Exposes Corporate Data

A serious flaw in the Companies House website has exposed sensitive corporate data, putting millions at risk. This breach allows fraudsters to access personal information, raising significant security concerns. Companies must now verify their registration data to ensure no unauthorized changes have occurred.

Infosecurity Magazine·
HIGHBreaches

Telus Data Breach - ShinyHunters May Have Stolen Data

Telus has confirmed a major cyberattack, possibly losing a petabyte of data to hackers. This breach poses serious risks to customers and partners. Immediate action is crucial to protect sensitive information.

The Register Security·
HIGHBreaches

Starbucks Data Breach - 889 Employees Affected

A data breach at Starbucks has affected 889 employees, raising concerns about data security and privacy. Immediate actions are needed to protect sensitive information. Stay alert and monitor your accounts closely.

Security Affairs·