Companies House WebFiling security issue
Between 13 and 16 March, Companies House confirmed a security issue affecting its WebFiling service. The vulnerability stemmed from an October 2025 system update introduced as part of broader security and modernisation work, including new identity-verification measures.
This update inadvertently created a flaw that, in limited instances, allowed authenticated users to view certain non public information from other companies’ dashboards, such as dates of birth, residential addresses, and company email addresses. Industry reports also suggest that unauthorised filings may have occurred in specific circumstances.
Companies House has since fixed the issue, restored the service and is continuing their investigation. They have reported the incident to the ICO and NCSC.
Recommend actions for companies
Companies House is advising all companies to:
- review registered company details, including registered office address, filing history, director appointments/resignations and account email addresses
- confirm that all authorised filers are correct and current
- report any discrepancies to Companies House immediately, retaining screenshots and timestamps as evidence.
What was not affected
Companies House has confirmed that:
- passwords were not compromised
- no data used as part of our identity verification process, such as passport information, was accessed
- no existing filed documents, such as accounts could have been altered.
If you have any questions or would like support reviewing your company information, including where we provide company secretarial services, please contact your usual Crowe contact
Contact us
