On 16th March 2026, Companies House published an update confirming that a security issue had affected its WebFiling service. According to the announcement, the issue meant that a logged-in WebFiling user could, by carrying out a specific sequence of actions, potentially view and amend certain details on another company’s record without that company’s authority.

Importantly, Companies House have stated this was not accessible to the general public. It required a user to be logged in to WebFiling and to have the relevant company authentication code.

The announcement states that the WebFiling service was closed at 1:30pm on Friday 13 March 2026 while Companies House investigated and fixed the problem, with the service being restored from 9:00am on Monday 16th March 2026 after independent testing. According to their investigation the issue appears to have been introduced in a system update made in October 2025.

The full Companies House update can be read using the following link: https://www.gov.uk/government/news/update-on-companies-house-webfiling-security-issue

What data may have been affected?

Companies House state that specific information from individual companies, not normally shown on the public register, may have been visible to other logged-in WebFiling users. This includes:

• Dates of birth
• Residential addresses
• Company email addresses

It also noted that it may have been possible for unauthorised filings to be made on another company’s record, such as the submission of accounts or changes to director details.

What Companies House says was not affected

Companies House has said that:

• Passwords were not compromised
• Identity verification data, such as passport information, was not accessed
• Documents already filed on the register, such as accounts or confirmation statements, could not be altered

What Companies House says about the scale of the issue

Companies House says it does not believe the issue could have been used to extract data systematically or in bulk. Its view is that any access would have been limited to individual company records, one at a time, by a registered WebFiling user.

It also states that at this stage it has it has no reports of data having been accessed or changed without permission, although its investigation is ongoing.

Actions you may wish to take

While Companies House have said they haven’t yet received any reports of data being accessed or changed without permission, if you are concerned you may have been affected we would recommend taking the following actions:

• Check your company record - you can review your filing history and current company overview through Companies House Find and update company information service. Please check all details to ensure everything appears correct and as expected.
• Review director and company changes - Pay particular attention to appointments, resignations, address changes, accounts, and confirmation filings.
• Limit who has access to your authentication code - ensure that only current, trusted individuals have access to the authentication code, treat it like a PIN.
• Escalate any suspicious filings or unauthorised information promptly - if you identify a filing or change that appears unauthorised, please notify your accountant immediately and raise a complaint with Companies House promptly and include as much supporting evidence as possible.

Final note

This post summarises the Companies House position as of 16 March 2026. As the investigation is ongoing, Companies House may issue further updates or guidance in the future.

If you have any concerns or would like to discuss this in more detail, please get in touch with your dedicated accountant, or contact us on 0113 5188800.

‍