Companies House has suspended its online WebFiling service after a cyber vulnerability allowed users to access and potentially edit sensitive personal data belonging to other businesses registered on the UK’s corporate register.
The issue emerged after a security flaw in the government agency’s online dashboard allowed individuals to navigate into the accounts of other companies simply by pressing the browser’s back button. According to reports, the glitch could expose confidential information including directors’ home addresses, email addresses and dates of birth – data that could potentially be exploited for fraud or identity theft.
The vulnerability was identified by Dan Neidle, founder of Tax Policy Associates, who alerted Companies House to the issue on Friday. Neidle warned that the flaw could have serious implications if it had existed for a prolonged period before being detected.
“This could be very serious if it’s been around for a long time,” he said, describing the vulnerability as “an absolutely insane flaw in how easy it is to find.”
Following the alert, Companies House confirmed it had shut down the WebFiling system while an investigation takes place. The platform is widely used by businesses across the UK to submit official documents such as annual accounts, confirmation statements and other statutory filings.
Support authors and subscribe to content
This is premium stuff. Subscribe to read the entire article.
