Last mentioned: Mar 14, 2026
Filing Guidance Issued
Official guidance released for companies missing deadlines due to the outage.
Guidance Issued
The registrar advises companies to document filing errors and promises to take the outage into account for deadlines.
Vulnerability Reported
Dan Neidle of Tax Policy Associates alerts Companies House to the 'back key' security flaw.
Service Suspension
Companies House takes the WebFiling service offline on Friday evening to investigate the issue.
Guidance Issued
Official guidance released advising users on how to handle missed filing deadlines due to the outage.
Vulnerability Discovered
Dan Neidle identifies a critical session management flaw in the WebFiling dashboard.
Companies House Alerted
Tax Policy Associates notifies the UK corporate register of the security risk.
Service Suspension
Companies House takes the WebFiling service offline for investigation and patching.
Vulnerability Identified
Dan Neidle of Tax Policy Associates discovers that the 'back' button allows access to other companies' private data.
Agency Alerted
Companies House is formally notified of the security flaw by Tax Policy Associates.
Service Suspension
Companies House takes the WebFiling portal offline on Friday evening to investigate the breach.
The UK’s corporate registrar, Companies House, has taken its WebFiling service offline following the discovery of a critical security flaw that exposed sensitive director data. The vulnerability allowed unauthorized users to view and potentially edit corporate records, raising significant concerns regarding identity theft and corporate fraud.
Companies House has taken its WebFiling service offline following the discovery of a severe vulnerability that allowed users to view and edit the personal data of other businesses. The flaw, which exposed directors' home addresses and dates of birth, was triggered by a simple browser navigation action, raising significant concerns over corporate identity theft and fraud.
The UK’s Companies House has taken its WebFiling service offline following the discovery of a critical security flaw that allowed users to view and edit sensitive personal data of company directors. The vulnerability, which could be exploited simply by using a browser's back button, has raised significant concerns regarding corporate identity theft and the integrity of the UK's business register.