Companies House Shuts Down WebFiling to Fix Data Exposure
Companies House, the British government agency managing the UK's corporate registry, took its WebFiling service offline Friday to address a critical security vulnerability. The flaw had been exposing sensitive company information for nearly five months, dating back to October 2025.
The agency confirmed the service returned online after implementing security patches. WebFiling allows UK companies to submit mandatory filings and updates to their corporate records electronically.
All UK Companies Using WebFiling Service Hit by Breach
The vulnerability affected every UK company using the WebFiling platform to submit corporate documents and updates. This includes millions of registered businesses that rely on the service for mandatory compliance filings.
Director details and other sensitive corporate information remained exposed throughout the five-month period. The breach potentially impacted confidential business data across all sectors of the UK economy.
Related: Loblaw Data Breach Exposes Customer Personal Information
Related: Ericsson US Hit by Data Breach Through Service Provider
Related: Starbucks Data Breach Exposes Employee Personal Info
Related: Cognizant TriZetto breach exposes 3.4M patient records
Related: Telus Digital Confirms Breach After 1 Petabyte Data Theft
Emergency Shutdown Deployed to Stop Ongoing Data Leak
Companies House implemented an emergency closure of WebFiling services to prevent further data exposure. The agency worked through the weekend to deploy security fixes before restoring access.
Security researchers at Hackread documented the vulnerability's impact on director details, highlighting the scope of exposed information. Companies House has not disclosed whether the flaw was actively exploited by attackers during the exposure period.
