Companies House Data Breach: What It Means for Small Business Owners

A Complete Guide by Direct Assist – Chartered Certified Accountants

Published: 08 April 2026

Recent reports have revealed a serious security issue affecting Companies House, potentially exposing sensitive personal data of up to 5 million company directors.

While there is currently no confirmed evidence of widespread malicious activity, the scale of the issue has understandably caused concern among business owners and directors across the UK.

Although the vulnerability has now been fixed, this incident highlights an important point: even official systems are not immune to security risks. It also reinforces the need for business owners to regularly review and protect their own data.

1. What Actually Happened?

The issue stemmed from a flaw in the Companies House WebFiling system.

Users who were logged in could exploit a simple navigation loophole—by repeatedly pressing the browser “back” button—to access and even edit information belonging to other companies.

This exposed sensitive data, including:

• Director names
• Dates of birth
• Residential addresses
• Email addresses

In some cases, users could also:

• Modify company records
• Upload or delete company accounts
• Change director details

Importantly, this was not a sophisticated cyberattack, but rather a system vulnerability introduced during an update in October 2025.

2. What Action Has Been Taken?

Once the issue was identified, Companies House acted quickly:

• The WebFiling service was temporarily shut down
• An investigation was launched
• The vulnerability was fixed within a few days
• The system was restored and secured

Companies House confirmed:

• No passwords were compromised
• There is no evidence of widespread malicious use

An official apology was also issued, acknowledging the concern caused and reaffirming their commitment to data protection.

3. What Should You Do Now?

Even though the issue has been resolved, it’s important to take a proactive approach to your business data.

1. Review Your Company Records

Log into your Companies House account and ensure all your details are accurate and unchanged.

2. Check Your Filing History

Look for any unexpected filings or updates that you didn’t authorise.

3. Stay Alert

Be cautious of suspicious emails, calls, or requests for information—especially those claiming to be official.

4. Seek Professional Support

An accountant can help you monitor your records, spot irregularities, and ensure ongoing compliance.

4. Why This Matters for Your Business

This incident is a reminder that digital security is a shared responsibility.

Even if systems are managed by trusted organisations, it’s still essential to:

• Regularly review your data
• Keep records accurate and up to date
• Act quickly if something doesn’t look right

For small businesses, staying proactive can prevent small issues from becoming serious problems.

5. How We Can Help

At Direct Assist Accountants, we support business owners in staying compliant, organised, and protected.

We can help you:

• Review your company records
• Identify any discrepancies or risks
• Ensure compliance with Companies House requirements
• Provide ongoing advice and support

6. Stay One Step Ahead

While this breach has been resolved, it serves as an important reminder to stay vigilant.

Taking a few simple steps now can protect your business and give you peace of mind moving forward.