Last Friday (13 March), a security breach was identified with Companies House WebFiling service and, as a result, it was immediately shut down.
According to recent reports, the issue originated from a system update in October and remained undetected for several months.
During this time, vulnerabilities in the WebFiling system may have allowed users to access sensitive information including directors’ dates of birth, residential addresses and email details, and potentially submit unauthorised changes to company records.
While there is currently no confirmed evidence of widespread malicious exploitation, businesses are being explicitly encouraged to check their company details and filing history to ensure all information remains accurate and unchanged.
In light of this incident, Hillier Hopkins recommends that all clients carry out a prompt review of their Companies House records, including:
- Verifying that director and company information is correct and up to date
- Reviewing recent filings to confirm no unauthorised changes have been made
- Checking registered email addresses and contact details
- Ensuring internal controls around company secretarial access are robust
This incident highlights that even official platforms can be exposed to system weaknesses, reinforcing the importance of regular data checks and strong governance over company information.
If you have any concerns about your company data or would like support in carrying out a review, please contact your usual Hillier Hopkins adviser.
A simple check now could prevent significant issues later.
