Companies House WebFiling Security Incident
On 16 March 2026, Companies House issued a formal statement regarding a security vulnerability in its WebFiling service. All companies should check their registered details and filing history.
On 16 March 2026, Companies House issued a formal statement from the Registrar of Companies, Andy King, concerning a security vulnerability in its WebFiling service identified on 13 March 2026. The service was suspended over the weekend while Companies House investigated and resolved the matter; it has since returned to normal operation. The vulnerability was introduced when WebFiling systems were updated in October 2025.
The investigation found that certain data from individual company records not ordinarily published on the register, including dates of birth, residential addresses and company email addresses, may have been visible to other logged-in WebFiling users. It may also have been possible for unauthorised filings to be made against another company's record. Access was limited to individual company records, viewable one at a time by a registered WebFiling user.
Companies House is analysing register data to identify anomalies and will email every company's registered address with guidance on the checks to carry out and the steps to take if concerns arise. The investigation remains ongoing and further information will be issued as it progresses.
Recommended steps for companies
- Log in to your WebFiling account and review your registered details for accuracy.
- Check your full filing history and confirm all entries were authorised by you.
- Ensure your registered email address is current so you receive the Companies House guidance email.
- If you identify any unauthorised changes or suspicious filings, contact Companies House immediately and seek legal advice.
