Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Companies House WebFiling data exposure affecting five million registered companies

Data Leak
First reported
Last updated
Happening score
H score 17
1 unique sources, 1 articles

Summary

Hide ▲

A Companies House WebFiling access-control flaw exposed non-public company records to unauthorized logged-in users, creating a privacy and integrity risk for millions of filings. The exposure affected five million registered companies and persisted for about five months after an October 2025 system update. Exposed records included physical addresses, email addresses, and dates of birth, while passwords and identity-verification documents were not accessed.

Related Happenings

Lloyds Banking Group customer data exposed after Lloyds Banking Group breach

Data Leak
First: 30.03.2026 17:00 Last: 30.03.2026 17:00 Sources 1

About this happening: **Lloyds Banking Group** exposed customer personal data through a **software defect** in a mobile banking update, affecting **up to 447,936 customers** and briefly revealing other...

Open Happening

Companies House WebFiling dashboard access-control security flaw

Vulnerability
First: 16.03.2026 12:30 Last: 16.03.2026 12:30 Sources 1

How related: All that was required was to log in to Companies House using your own details and access your own company's dashboard. Then opt to "file for another company" and enter the company number for any one of the five million companies registered with Companies House,

About this happening: **Companies House** has taken its **WebFiling dashboard** offline after a **serious flaw** let authenticated users reach **other companies’ dashboards**, creating fraud and unauth...

Open Happening

UK Information Commissioner’s Office (ICO) Issued a fine for GDPR non-compliance on Failure to use robust age verification and conduct a DPIA for children’s data

Regulatory/Legal Action
First: 25.02.2026 11:40 Last: 25.02.2026 11:40 Sources 1

About this happening: The **ICO** fined **Reddit** **£14.47m ($19.6m)** for **GDPR non-compliance**, escalating child-data enforcement risk for online platforms that can be reached by **under-13 users*...

Open Happening

Renault and Dacia UK customer data leak at third-party provider

Data Leak
First: 03.10.2025 18:52 Last: 03.10.2025 18:52 Sources 1

About this happening: The **Renault** and **Dacia UK** data leak exposed some customers' personal data after a **third-party provider** was compromised. The exposed records included **full names**, **p...

Open Happening

Timeline

  1. 16.03.2026 02:00 2 articles · 2mo ago

    Companies House restores WebFiling after fixing access-control flaw

    Mitigation Patch Update

    Companies House brought WebFiling back online on Monday after closing it on Friday to fix a security flaw introduced in an October 2025 systems update. The issue let a logged-in user move from a personal dashboard to another company's dashboard, view non-public data such as dates of birth, residential addresses and company email addresses, and potentially make unauthorized filings; the agency also notified the ICO and NCSC and said no passwords or identity-verification documents were accessed.

    Show sources
    Open in new tab
  2. 13.03.2026 02:00 1 articles · 2mo ago

    Dan Neidle reports Companies House WebFiling flaw

    Initial Disclosure

    Dan Neidle of Tax Policy Associates reported a WebFiling vulnerability to Companies House on Friday after John Hewitt identified the flaw and did not receive a reply. The access-control issue affected the U.K. company registry workflow for five million registered companies and exposed non-public records to logged-in users one company at a time.

    Show sources
    Open in new tab