On Friday the 13th (unlucky for some!!), Companies House was made aware of a security issue which meant that a logged-in user of our WebFiling service could potentially access and change some elements of another company’s details without their consent after performing a specific set of actions.
This was not accessible to the general public. Only users with an authorised code and logged in to the service could have performed this action.
WebFiling was closed at 1:30pm on Friday 13th of March while they investigated and resolved the issue. The service has been independently tested and is back online as of 9am on Monday 16th of March.
However, Companies House are now emailing all registered email addresses warning that it was technically possible for a logged-in registered user to:
- File updates to any information without consent. For example, new accounts or changes of director.
- See certain data not normally published on the public register:
- the day of the date of birth for directors and PSCs
- residential address for directors and PSCs
- company registered email address
As a precaution they are advising everyone to check their registered details and filing history to make sure everything looks correct.
If anything seems incorrect or unexpected, you should contact Companies House on [email protected] using ‘WebFiling issue’ in the subject heading.
We recognise that this incident may have caused concern, and we are sorry for that. Companies House takes its responsibility to protect your data extremely seriously, and we are committed to doing everything we can to support those affected and to maintaining your trust in our services.
– Companies House
