17 March 2026 | Comment | Article by Andrew Hoad

Companies House acknowledges WebFiling security issue: What you need to do now

Written by Andrew Hoad, Partner in our Corporate/Commercial team along with Daniel Burke, Solicitor.

Companies House has apologised after acknowledging a security issue affecting its WebFiling service which may have allowed a logged-in user to access certain information relating to another company and, in some cases, potentially change elements of that company’s details without consent.

In an official statement published on 16 March 2026, Companies House said it became aware of the issue on Friday 13 March 2026. It then took WebFiling offline while the issue was investigated and resolved, before bringing the service back online on Monday 16 March 2026 following independent testing.

What happened?

According to Companies House, the issue was not accessible to the general public. It said only users who were logged in to WebFiling and had an authorised code could potentially have carried out the relevant actions.

Its investigation has established that certain information not usually published on the public register may have been visible to other logged-in users. Companies House says this includes dates of birth, residential addresses and company email addresses. It has also acknowledged that it may have been possible for unauthorised filings, such as accounts filings or director changes, to have been made on another company’s record.

What was not affected?

Companies House has also been clear about the limits of the issue. It says that passwords were not compromised, identity verification data such as passport information was not accessed, and existing filed documents already on the register could not have been altered.

It has further stated that it does not believe the issue could have been used to extract data in large volumes or access records systematically. On its account, any unauthorised access would have been limited to individual company records viewed one at a time by a registered WebFiling user.

How long may the issue have existed?

Companies House says its investigation indicates that the issue was introduced when its WebFiling systems were updated in October 2025. It has reported the incident to the Information Commissioner’s Office and the National Cyber Security Centre and says it is actively analysing its data for anomalies.

Our Corporate/Commercial team will be happy to discuss this further if you are concerned that your company may have been affected by this.

How long may the issue have existed?

Companies House says its investigation indicates that the issue was introduced when its WebFiling systems were updated in October 2025. It has reported the incident to the Information Commissioner’s Office and the National Cyber Security Centre and says it is actively analysing its data for anomalies.

Why does this matter for companies?

Even though Companies House has said it has no reports at this stage of data having been accessed or changed without permission, the issue is serious for businesses because of the nature of the information involved and the possibility of unauthorised filings.

For many companies, the immediate concern will be whether any information on their Companies House record is inaccurate, unfamiliar or has changed without authority. For directors, there may also be concern where residential addresses or other non-public information may have been visible.

What should companies do now?

The key message from Companies House is that businesses should check their registered details and filing history to make sure everything appears correct. In practical terms, companies should consider taking the following steps now:

  • Review the company’s Companies House profile and filing history carefully.
  • Check registered office details, officer details and recent filings for anything unexpected or inaccurate.
  • Escalate any unfamiliar filing, change or discrepancy promptly.
  • Retain evidence, including screenshots and internal records, if anything appears to be wrong.
  • Make sure the company’s internal teams and advisers are aware of the issue so that checks can be carried out promptly.

Companies House has said it will email every company’s registered email address with further details on how to check records and what steps to take if there are concerns. It has also said that, if a company has a concern, it should raise a complaint and include evidence describing the issue.

Our view

This incident is a reminder of how important it is for companies to monitor their public filings and maintain clear internal oversight of who is authorised to make filings on their behalf. While the investigation is ongoing, businesses should not wait for a further update before checking that their Companies House record is accurate.

Taking early, sensible steps now may help identify any issue quickly and reduce the risk of further complications.

Our Corporate/Commercial team will be happy to discuss this further if you are concerned that your company may have been affected by this.

Author bio

Andrew Hoad

Partner
A Corporate / Commercial Partner in our London city office, Andrew Hoad has over 23 years’ experience in dealing with all types of corporate transactions, including acquisitions and disposals, private and public equity fundraising and shareholder restructuring. During his career, he has worked as a corporate lawyer for firms including Nabarro Nathanson, as well as establishing boutique corporate law practices, where he has been involved in building impressive client rosters from scratch.

Disclaimer: The information on the Hugh James website is for general information only and reflects the position at the date of publication. It does not constitute legal advice and should not be treated as such. If you would like to ensure the commentary reflects current legislation, case law or best practice, please contact the blog author.

 

Next steps

We’re here to get things moving. Drop a message to one of our experts and we’ll get straight back to you.

Call us: 033 3016 2222

Message us