Companies House Security Issue: What Happened and What Businesses Should Do

Between 13 and 16 March 2026, Companies House identified and addressed a security issue affecting its WebFiling service. While the incident was short-lived and has since been resolved, it has prompted understandable concern among business owners and directors regarding the integrity and security of company data. Countless influencers posted about the incident and we know many of you will have received emails from Companies House with updates.

It seems the issue stemmed from a system update which was rolled out as part of Companies House’s wider programme of modernisation and enhanced security. Interestingly the changes are designed to strengthen the reliability of the register, but instead the update inadvertently created a vulnerability. There were reports that in limited circumstances, authenticated users were able to view certain non-public information relating to other companies, including dates of birth and residential addresses.

There have also been industry reports suggesting that unauthorised filings may have occurred in isolated cases, although Companies House has not confirmed widespread misuse. Importantly, Companies House has confirmed that passwords were not compromised, identity verification documents such as passports were not accessed, and previously filed documents (including accounts) could not be altered.

The service was quickly restored, and the matter has been reported to both the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC), with investigations ongoing.

For business owners, the key takeaway is not simply that an issue occurred, but that it highlights the importance of proactive governance. Companies House is advising all companies to review their registered details carefully. This includes checking the registered office address, filing history, director appointments and resignations, and the email addresses associated with the company account. It is also essential to ensure that all individuals authorised to make filings remain appropriate and up to date. With everything else to do when running a business, this just adds to the list, but we’d encourage you to spend that hour (probably less) checking, rather than regret it down the line.

If you find there are any discrepancies, these should be reported immediately. Top tip: take screenshots and timestamps where issues are identified.

While this incident appears to have been contained, it is a timely reminder that even trusted public systems are not immune to risk. Regular reviews of company records, combined with clear internal controls around who can access and update filings, remain a critical part of good corporate housekeeping. If in doubt, ask your accountant or give us a quick call.

‍