Millions of individuals and businesses registered on Companies House have been warned following the discovery of a significant website glitch that potentially exposed personal data. The issue allowed authorized users logged into the system to view and edit details belonging to other companies, including sensitive information such as directors’ home addresses and email addresses, without permission.
Andy King, CEO of Companies House since September, publicly apologized for the incident after being informed of the security lapse last Friday. In an official statement, King acknowledged the distress the breach may have caused, stating, “I recognize that this incident will have caused concern and inconvenience to many of the companies and individuals who rely on our services. I am sorry for that.”
Companies House emphasized their commitment to data protection and swift action following the breach. Measures have been implemented to secure and restore the service, and ongoing support is being offered to those affected.
Importantly, the data exposure was not accessible to the general public; only users with authorized login credentials were potentially able to access the information. King reassured that the vulnerability did not allow large-scale data extraction or systematic access to records. Any unauthorized viewing was likely limited to individual company files accessed one at a time by registered WebFiling users.
The organization promised transparency and pledged to provide updates as investigations continue. King also warned that any unauthorized use of this flaw to alter company information would lead to stringent actions.
Fortunately, no passwords or identity verification data, such as passport details, were compromised during the incident. Additionally, existing filed documents like accounts or confirmation statements remained secure and unaltered.