Companies House has confirmed a security issue affecting its WebFiling service, which may have allowed logged-in users, in limited circumstances, to view or change certain details of other companies without consent. The issue was identified on 13 March 2026, the service was taken offline while it was investigated, and WebFiling has since been restored following independent testing.

What information may have been affected

According to Companies House, the issue may have exposed information not normally publicly available, including:

  • directors’ dates of birth
  • residential addresses
  • company email addresses

It may also have been possible for unauthorised filings, such as changes to director details or accounts, to have been made on another company’s record.

Companies House has been clear that:

  • passwords were not compromised
  • identity verification data (such as passport information) was not accessed
  • existing filed documents, including accounts and confirmation statements, could not be altered.
What Companies House is doing

The incident has been reported to the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC). Companies House is analysing its systems for anomalies and is contacting companies to explain how to check their records and raise concerns.

Actions for boards and senior leaders

Companies House is asking all organisations to take the following steps:

  • Check registered company details to ensure all information is correct
  • Review filing history to confirm no unauthorised filings have been made
  • Report any concerns to Companies House with supporting evidence if discrepancies are identified

For boards, this is also a timely reminder of the importance of oversight of statutory filings, clear ownership of compliance responsibilities, and independent assurance over key governance risks.

How TIAA can help

TIAA supports organisations by providing independent assurance and practical insight over governance, risk and compliance arrangements.

We can help you:

  • Review governance and control arrangements around statutory and regulatory filings
  • Assess risk management and assurance frameworks, including how emerging risks are identified and monitored
  • Provide internal audit and advisory support to give boards confidence that controls are operating as intended
  • Strengthen oversight and reporting, helping senior leaders demonstrate effective governance

Our work is proportionate, sector aware and focused on helping organisations gain confidence, not just compliance.

If you would like to discuss how this issue relates to your organisation, please speak to our team.