Ethical Hacking News
Companies House, the UK's corporate registry, recently experienced a critical technical error that exposed personal details of company directors and other data to any logged-in users. This incident highlights the importance of robust cybersecurity measures in protecting sensitive information.
Companies House experienced a technical error exposing personal details of company directors and data to logged-in users. The flaw was discovered by Dan Neidle, who published a video on social media depicting how the issue could be exploited. The error allowed users to view and modify hidden company details, including dates of birth, residential addresses, and company email addresses. Companies House is investigating whether the flaw was abused for real since October and has taken action to secure its service. The incident highlights the importance of robust cybersecurity measures and the need for organizations to prioritize data protection.
Companies House, the UK's corporate registry, recently experienced a significant technical error that exposed personal details of company directors and other data to any logged-in users. This incident highlights the importance of robust cybersecurity measures in protecting sensitive information.
The flaw was discovered by Dan Neidle, the founder of Tax Policy Associates, who published a video on social media depicting how the issue could be exploited to access other companies' data. The error occurred due to changes made to the WebFiling platform in October 2025, which introduced an unexpected behavior that allowed users to view and modify hidden company details.
Companies House CEO Andy King stated that the investigation revealed that specific data from individual companies not normally published on the register may have been visible to other logged-in WebFiling users. This includes dates of birth, residential addresses, and company email addresses. However, it's worth noting that passwords were not among the types of data accessible by other users, nor were documents related to identity verification, such as passports.
The consequences of this incident are severe, as any unauthorized access to sensitive information could lead to significant financial and reputational damage for affected companies. In addition, the fact that individuals with malicious intent could potentially create a new company on the platform and abuse the flaw adds an extra layer of complexity to the situation.
Companies House reported the incident to the Information Commissioner's Office (ICO) and National Cyber Security Centre (NCSC), and is currently investigating whether the flaw was abused for real since October. The agency has taken swift action to secure and restore its service, and is committed to doing everything in its power to support those affected and to make sure that its services continue to merit the trust placed in them.
The incident serves as a stark reminder of the importance of robust cybersecurity measures and the need for organizations to prioritize data protection. It also highlights the critical role that regulatory bodies, such as Companies House, play in protecting sensitive information and ensuring compliance with relevant regulations.
In light of this incident, it is essential that companies take proactive steps to secure their online platforms and protect sensitive information from unauthorized access. This includes implementing robust cybersecurity measures, conducting regular security audits, and training employees on data protection best practices.
Furthermore, regulatory bodies must also take a closer look at the cybersecurity measures in place for their services and ensure that they are adequately protecting sensitive information. Companies House's experience highlights the need for continued investment in cybersecurity infrastructure and the importance of staying up-to-date with the latest security threats and vulnerabilities.
In conclusion, the technical error exposed by Companies House is a significant wake-up call for organizations and regulatory bodies alike. It underscores the critical importance of robust cybersecurity measures and the need for proactive steps to protect sensitive information from unauthorized access.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Critical-Flaw-Exposed-by-Companies-House-The-Consequences-of-a-Technical-Error-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/03/16/companies_house_breach/
https://www.msn.com/en-us/news/technology/flaw-in-uks-corporate-registry-let-directors-rummage-through-rival-records/ar-AA1YJU38
https://taxpolicy.org.uk/2026/03/13/companies-house-security-vulnerability-directors-addresses/
Published: Mon Mar 16 08:53:49 2026 by llama3.2 3B Q4_K_M
