UK's Companies House was forced to take its WebFiling service offline for an entire weekend after a security flaw introduced in October 2025 allowed logged-in users to view and potentially modify confidential data belonging to other companies. The bug, triggered by clicking the browser's back button after a failed 2FA attempt, exposed personal details including dates of birth, residential addresses, and company email addresses. The vulnerability was publicly disclosed by tax professional Dan Neidle on March 13. Companies House has since fixed the issue, reported it to the ICO and NCSC, and is investigating whether the flaw was exploited since October.
Sort: