- 17 March 2026
Companies House has confirmed that a security vulnerability in its WebFiling service may have allowed logged‑in users to view and, in some cases, change certain details of other companies after performing a specific sequence of actions. The issue was introduced during an October 2025 system update and remained live until it was identified on Friday 13 March.
Companies House reports that it has no evidence at this stage that any company’s information was accessed or amended without permission, but affected data may have included directors’ dates of birth, residential addresses, and company email addresses, as well as the possibility of unauthorised filings.
The WebFiling service was taken offline over the weekend and reinstated at 9am on Monday 16 March following independent testing.
Companies House is asking all companies to:
- check their registered details and filing history to ensure nothing appears incorrect
- raise any concerns with Companies House, providing evidence where possible
- if experiencing filing difficulties today, file as soon as the service is available and retain screenshots of any error messages (including time and date), which Companies House has said it will take into account for missed deadlines.
We will continue to monitor developments and share further updates as Companies House progresses its investigation. In the meantime we recommend that companies check their filing history as Companies House suggests.
Further details
Companies House admits security failure was live for six months