Overview
- An easily triggered glitch let logged-in users reach other companies’ dashboards and view non-public data such as dates of birth, residential addresses and company emails.
- Companies House suspended WebFiling on Friday, patched the issue, independently tested the fix and brought the service back online on Monday morning.
- The flaw could have enabled unauthorized filings like director changes or accounts submissions, though existing filed documents could not be altered.
- Officials say the issue was not accessible to the general public, limited access to one record at a time and did not expose passwords or identity‑verification documents.
- The incident was reported to the ICO and NCSC, investigators are checking for anomalies, and companies are being urged to review their records and report concerns after John Hewitt’s discovery and Dan Neidle’s disclosure.