Companies House has temporarily taken its WebFiling service offline after discovering a security vulnerability that may have allowed logged-in users to view and modify another company’s confidential records, prompting increased scrutiny of government digital services.
Companies House has apologised after taking its WebFiling service offline over a security flaw that may have allowed authenticated users to view and alter another company’s records. The agency said the problem was identified on 13 March and traced back to an update introduced in October 2025, prompting a weekend shutdown while engineers repaired the system and carried out further testing. Computer Weekly reported that the service was brought down at lunchtime on Friday 13 March and later restored once the fix had been validated.
The issue came to light after a corporate services worker, John Hewitt, found a way to expose private information and raised the alarm through tax campaigner Dan Neidle, after struggling to reach the registrar directly. According to the account published by PR News Blog and corroborated by later professional updates, the flaw could be triggered by navigating back through the browser while logged into WebFiling, allowing access to another company’s non-public director information. Companies House said there was no evidence that passwords were compromised, identity-verification documents were exposed or filed documents were altered.
The potential impact was significant because WebFiling is used by millions of UK companies to submit accounts, confirmation statements and director changes. Professional bodies including ICAEW, ICAS, the Chartered Governance Institute and ACCA warned companies to review their filing histories and registered details for any irregularities, and to contact Companies House if anything looked amiss. Companies House said it had informed the Information Commissioner’s Office and the National Cyber Security Centre, while stressing that the flaw did not allow unrestricted bulk extraction of data and could only be used by logged-in users one record at a time.
The incident also underlines the pressure on public digital services as Companies House rolls out reforms linked to the Economic Crime and Corporate Transparency Act 2023. That legislation was meant to strengthen the integrity of the register and reduce misuse by shell companies, yet the security lapse emerged from the same wave of system changes. The regulator’s public apology acknowledged concern and inconvenience, but the episode is likely to intensify scrutiny of how quickly government platforms are being modernised, and whether security checks are keeping pace.
Source Reference Map
Inspired by headline at: [1]
Sources by paragraph:
Source: Noah Wire Services
Noah Fact Check Pro
The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.
Freshness check
Score:
5
Notes:
The article was published on April 27, 2026, reporting on a security issue identified on March 13, 2026. The earliest known publication date of similar content is March 16, 2026, with reports from ICAS and Companies House. ([icas.com](https://www.icas.com/news-insights-events/news/practice/companies-house-issues-security-statement-regarding-webfiling-security-issue/?utm_source=openai)) The narrative appears to be based on a press release, which typically warrants a high freshness score. However, the delay in reporting raises concerns about timeliness. The article includes updated data but recycles older material, which may affect its freshness.
Quotes check
Score:
4
Notes:
The article includes direct quotes attributed to John Hewitt and Dan Neidle. However, no online matches were found for these quotes, making independent verification challenging. The absence of verifiable quotes raises concerns about the authenticity of the information presented.
Source reliability
Score:
3
Notes:
The article originates from PR News Blog, a niche publication with limited reach. The lead source appears to be summarising content from other publications, including ICAS and Companies House. This aggregation raises questions about the originality and independence of the content. The reliance on a single, less reputable source diminishes the overall reliability of the article.
Plausibility check
Score:
6
Notes:
The article reports on a security issue with Companies House’s WebFiling service, which has been covered by other reputable outlets. However, the lack of supporting detail from other reputable sources in this specific article raises concerns about its credibility. The absence of specific factual anchors, such as names, institutions, and dates, further diminishes the article’s trustworthiness.
Overall assessment
Verdict (FAIL, OPEN, PASS): FAIL
Confidence (LOW, MEDIUM, HIGH): HIGH
Summary:
The article exhibits significant issues with freshness, source reliability, and verification independence. The reliance on a single, less reputable source, the lack of independently verifiable quotes, and the use of aggregated content without original reporting raise substantial concerns about its credibility. The absence of supporting detail from other reputable outlets further diminishes trustworthiness.