Companies House flaw exposed five million directors and enabled company hijacking
Summary
Tax Policy Associates reported a major flaw in the Companies House WebFiling system that allowed access to private dashboards for any registered company by someone using their own login. The vulnerability could reveal home addresses and personal emails and may permit edits to company records or filing of accounts. Companies House temporarily shut the service for investigation, raising GDPR and data protection concerns and highlighting the need for robust authentication, logging, and incident response.