Companies House Plans Upgrades Following Five-Month Data Security Breach
Companies House has disclosed a software flaw that may have exposed user data over a five-month period. The error surfaced after an update made in October and affected the WebFiling service.
How the vulnerability worked
Investigators found the bug allowed a user to access and change parts of another company’s details. The access could be triggered by pressing the browser back button four times. The issue appears to have been caused by an application defect.
Immediate response and impact
WebFiling was taken offline for several days while teams investigated. All five million UK registered businesses were asked to check their online records and submission history. Companies House carried out rigorous testing before restoring the service.
Ongoing probe and accountability
Chief executive Andy King told the Business and Trade Committee that extensive analysis of system records is underway. No unauthorised changes have been confirmed so far, but investigations continue. He warned that anyone found to have made unauthorised filings will face firm action.
Why monitoring did not detect the issue
Early findings indicate the defect was not picked up during testing or peer review. Incident-monitoring and security controls are tuned to detect system failures and cyberattacks. Because this was a functional defect, those controls did not trigger.
Plans to strengthen systems
The registry, an executive agency of the Department for Business and Trade, is conducting a detailed lessons-learned review. It aims to improve processes and governance for future changes. The body hopes the episode will support requests for further funding to replace ageing technology.
- Review of change assurance and governance
- Investment in a security operations centre
- Developing a case for investment to modernise legacy applications
- Measures to prevent economic crime and protect companies and citizens
Filmogaz.com will continue to follow developments as Companies House progresses its review. The organisation says upgrades and strengthened security are central to reducing risk and preserving register value.
