The online filing service of Companies House was temporarily suspended due to a technical issue that allowed unauthorized access to personal data of other businesses, potentially exposing them to fraudulent activities.
A flaw in the UK’s official corporate register enabled individuals to view sensitive information of different companies by using a simple navigation trick on the website dashboard. This loophole exposed details such as directors’ home addresses, email addresses, and dates of birth.
The discovery of this security vulnerability was brought to light by Dan Neidle, the founder of Tax Policy Associates, who emphasized the severity of the situation. Neidle warned that the ease of accessing such critical data posed a significant risk of fraudulent activities.
In response to the incident, a Companies House spokesperson confirmed the investigation into the matter and the temporary closure of the WebFiling service as a precautionary measure.
The potential implications of the security breach were highlighted by Neidle, who underscored the importance of addressing such vulnerabilities promptly to prevent misuse of sensitive information for fraudulent purposes.
Affected customers were advised by Companies House to file their documents promptly once the service resumed, providing details of any errors encountered during the downtime for consideration.
The seriousness of unauthorized access to computer material, as per the Computer Misuse Act 1990, was emphasized, with potential penalties including imprisonment for those found guilty of exploiting such vulnerabilities for malicious purposes.
Companies House, responsible for maintaining records of millions of businesses, including prominent entities like AstraZeneca, Shell, and Tesco, assured customers of their commitment to investigating and resolving the security breach swiftly.
At Reach and across our entities we and our partners use information collected through cookies and other identifiers from your device to improve experience on our site, analyse how it is used and to show personalised advertising. You can opt out of the sale or sharing of your data, at any time clicking the “Do Not Sell or Share my Data” button at the bottom of the webpage. Please note that your preferences are browser specific. Use of our website and any of our services represents your acceptance of the use of cookies and consent to the practices described in our Privacy Notice and Terms and Conditions.