Companies House, the UK’s official company registrar, has restored its WebFiling service following a glitch that exposed sensitive data and allowed unauthorized changes to company details.
Service Disruption and Resolution
Officials identified a misconfiguration in the WebFiling platform on Friday afternoon. This issue enabled logged-in users with authorized access codes to view and alter certain details of other companies without permission through specific actions.
WebFiling facilitates electronic submission of official documents. To address the vulnerability, Companies House temporarily shut down the service over the weekend. Independent testing confirmed its safety, and it resumed operations at 9 a.m. on Monday, March 16.
Data Exposure Risks
Investigations revealed that some non-public information, such as dates of birth, residential addresses, and company email addresses, became visible to other authorized WebFiling users. Malicious actors could potentially modify details like accounts or director information.
However, CEO Andy King emphasized that extracting data was challenging, as it required accessing one company profile at a time. No passwords were compromised, identity verification data remained secure, and existing documents showed no signs of tampering.
Recommendations and Assurance
Companies House urges all organizations to review their registered details and filing history. Affected parties should contact authorities with any concerns.
Andy King concluded, “Companies House takes its responsibility to protect data extremely seriously,” accompanied by an apology for the inconvenience.
