Vulnerabilities | Mar 16, 2026

Companies House Restores WebFiling After Flaw Exposed Director Details

Companies House, the UK's official company register, patched a critical WebFiling vulnerability that allowed authenticated users to access and modify other companies' records, including director personal data and filing submissions. The service was taken offline on Friday, March 13 and restored Monday, March 16 after investigation and independent testing. The agency is reviewing whether any unauthorized alterations occurred and will contact affected companies if evidence of tampering is found.

Full text

Companies House fixed a WebFiling flaw that allowed users to view director details and alter company records before the service was taken offline and restored.

By Waqas, March 16, 2026

For a short window over the weekend, the UK’s official company register had to shut down part of its online filing system after a security flaw allowed users to view and alter information belonging to other companies.

Companies House confirmed that its WebFiling service was taken offline at 1.30pm on Friday, 13 March and restored at 9am on Monday, 16 March. The shutdown followed the discovery of a vulnerability that allowed a logged-in user to access elements of another company’s filing account.

According to the official statement, personal and company data such as directors’ dates of birth, residential addresses and company email addresses may have been accessible to other WebFiling users.

Companies House also warned that someone could have submitted filings on behalf of another company while the flaw was active. That includes documents such as company accounts or changes to director details. Those filings would appear on the affected company’s public record if submitted through the system.

The agency said the issue was investigated, fixed and then independently tested before the system went back online.

[Video: how the flaw worked, via @DanNeidle on X]

Andy King, Chief Executive of Companies House, said the organisation moved quickly once the issue was identified and temporarily closed the service while engineers worked on the fix. The agency said it is reviewing whether any records were altered during the period and will contact affected companies if irregular activity is found.

The incident arrives at a time when Companies House is gaining new responsibilities under the Economic Crime and Corporate Transparency Act. The reforms expand the registrar’s role in verifying company data and tackling misuse of the UK corporate register. Legal experts say the timing increases the importance of maintaining confidence in the system.

James Orloff, corporate and commercial partner at London law firm Spector Constant & Williams, said the incident will worry businesses that rely on the register to maintain accurate company information.

“The security issue affecting the Companies House WebFiling service will concern many companies and their officers who rely on the platform to keep their statutory records accurate,” Orloff said. “Confidence in the system matters even more now as Companies House takes on a larger role under the ECCTA reforms.”

He added that the reported weakness could have allowed unauthorised filings, including accounts submissions or director changes, to appear on another company’s record.

“Businesses should follow the guidance issued by Companies House and review their registered details and filing history to confirm that everything on their record is correct,” he said.

Companies House has urged organisations to log in and review their filings to confirm that no unexpected changes were submitted during the affected period. The agency said further updates will be published if its investigation finds evidence that company records were modified without permission.