Companies House Security Breach Exposes Personal Data of Millions
A significant security warning has been issued for millions of individuals and businesses with registered details on the Companies House platform. A major technical glitch on the official Companies House website potentially exposed the sensitive personal data of millions of registered firms across the United Kingdom.
Unauthorized Access to Sensitive Information
The security failure allowed logged-in users with authorized access codes to potentially view and edit other companies' confidential details without proper consent or authorization. This unauthorized access reportedly included directors' private home addresses and personal email addresses, raising substantial privacy concerns for business leaders nationwide.
Andy King, the chief executive officer of Companies House, has issued a formal public apology for the technical error that compromised data security. The government agency confirmed it became aware of the significant security failure on Friday, prompting immediate investigation and response measures.
Official Response and Investigation
In an official statement, Mr. King expressed recognition of the concern and inconvenience caused to companies and individuals who depend on Companies House services. "I am sorry for that," King stated, emphasizing the organization's commitment to data protection responsibilities.
Companies House has clarified that the compromised data was not accessible to the general public without registration. Only users with authorized codes who were actively logged into the WebFiling service could potentially access the sensitive information during the security breach window.
"We believe that this issue could not have been used to extract data in large volumes or to access records systematically," King explained. "Any access would have been limited to individual company records, viewed one at a time by a registered WebFiling user."
Security Measures and Ongoing Monitoring
The government agency has implemented swift action to secure and restore service integrity while committing to comprehensive support for affected parties. Companies House maintains that no passwords were compromised during the incident, and no identity verification data—including passport information—was accessed by unauthorized parties.
Furthermore, the organization confirmed that existing filed documents such as official accounts or confirmation statements could not have been altered through the security vulnerability. The agency promises continued transparency with regular updates as their investigation progresses.
"If we find evidence that anyone has used this issue to access or change another company's details without authorisation, we will take firm action," King warned, underscoring the serious consequences for malicious exploitation of the security gap.
