Cropped top view of male hands, man typing on laptop keyboard,

Companies House data breach: millions of UK businesses potentially exposed

A security flaw at Companies House may have exposed sensitive company and director information. 

The issue, linked to a technical error in its WebFiling system, has now been fixed. However, with investigations still ongoing, businesses are being urged to check their records and stay alert. 

What happened in the Companies House data breach?

Companies House has confirmed that a flaw in its WebFiling service allowed logged-in users to: 

  • View certain details linked to other companies
  • Potentially amend elements of company records without authorisation. 

The issue appears to have been introduced during a system update in October 2025 and may have remained in place for several months before being identified.  

What data may have been exposed?

According to Companies House, the data that may have been visible includes: 

  • Directors’ dates of birth
  • Residential addresses
  • Company email addresses. 

It has also acknowledged that unauthorised filings — such as director changes or company updates — may have been possible in certain circumstances.

Companies House has said there is currently no evidence that passwords or passport details were compromised, and no confirmation that data was actually misused. However, investigations are ongoing. 

Why this is a significant data protection failure

This is not just another isolated data incident. Companies House is the UK’s official corporate register, holding records for more than 5 million companies — from small limited businesses through to major listed firms. 
That changes the risk profile. 

If access controls fail within a system like this, even briefly, it raises wider concerns about:

  • Sensitive personal data linked to company directors
  • The accuracy of company records
  • The reliability of filings relied on by lenders, investors and regulators. 

Even the possibility of unauthorised changes raises concerns about how those records could be relied upon during the affected period. 

Regulatory involvement and next steps

Companies House has referred the incident to both:

  • The Information Commissioner’s Office (ICO)
  • The National Cyber Security Centre (NCSC). 

It has also said it will contact companies directly and is analysing data to identify any irregularities. At this stage, the full impact is still being assessed. 

What businesses should do now

If your business is registered with Companies House, it is worth taking some simple steps:

  • Review your company records and recent filings
  • Check for any unexpected changes to director or company details
  • Monitor communications from Companies House
  • Raise concerns if anything appears incorrect. 

Even if no issues are immediately visible, staying alert is important while investigations continue.

Could this lead to legal action?

At the moment, there is no confirmed group action linked to this incident. However, as with many data-related events, that position can evolve.

If it becomes clear that individuals or businesses suffered loss, distress or unauthorised data exposure, there may be grounds for further investigation.

At Join the Claim, we monitor developments like this closely. If this situation develops further, we will continue to provide updates — and help you understand what your options might be. 

This information is for general guidance only and does not constitute legal or financial advice.

Found this helpful? Share it

Facebook
Twitter
WhatsApp
LinkedIn
Email

Or

You may also like:

  • Environment, News, Vehicle

Can BMW drivers claim compensation for the diesel emissions scandal?

BMW faces legal action over emissions-cheating software. Learn what the scandal involves, who is affected, and what it means for UK diesel car owners.
  • Data Breach, Financial, News

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.
  • News, Vehicle

Jaguar Land Rover DPF claims vs. dieselgate: What you need to know

Confused about Jaguar Land Rover DPF claims vs. Dieselgate? Learn the key differences, legal actions, and how to check if you qualify for compensation.

Latest news & insights

See more

Low-angle view of people walking in a city, symbolising unity and collective action, related to key facts about group litigation for seeking justice.
  • News

10 must-know facts about group litigation for first-time claimants

Discover 10 essential facts about group litigation for first-time claimants. Learn how joining a group...
  • News, Travel

How to claim compensation for flight delays or cancellations in the UK

Delayed 3+ hours or had a cancelled flight? You could claim up to £520 under...
There is a notebook with the word Opt out.
  • News

Billions in compensation is on the table, don’t miss out on your share

Massive UK collective actions could return billions to consumers, yet awareness remains low. Discover the...
What is dieselgate, and how does it affect drivers in the UK?
The global ‘dieselgate’ scandal started back in 2015, when the US Environmental Protection Agency discovered Volkswagen Group had been selling cars with illegal emissions-cheating software. The software could detect when a vehicle was undergoing emissions…
There is sticky note with the word Opt out.
Finding opt-out claims just got easier
Join the Claim is bringing together major UK opt-out collective actions so consumers can check what claims exist and whether they could be affected.
Tax 2026 in calculator on documents. calendar with coral calculator and pins on gray background, tax payment, financia
Stay scam-safe: avoid HMRC phishing emails
Protect yourself from HMRC phishing emails during tax return season. Learn to spot scams, safeguard your personal info, and avoid falling victim to fraud.
The rise of group action claims in the UK
Class actions have long been popular in the United States, tackling everything from consumer rights infringements to environmental damage. However, corporate wrongdoing transcends geographical boundaries, and while the UK has historically been less litigious than…
People shopping inside Westfield shopping centre
Westfield warns customers after loyalty database cyber breach
Westfield has warned customers after a cyber attack exposed personal information linked to its loyalty programme and newsletter database.
Anxious young woman holding a credit card and staring at a tablet concerned about bank app glitch
Lloyds banking app glitch affected nearly 450,000 customers
Lloyds says a software defect caused a banking app glitch that affected up to 447,936 customers.
Metal credit card Mastercard Macro
Mastercard £200m settlement approved but payouts delayed
Millions of UK consumers could receive £45–£70 after the £200m Mastercard settlement.
Mobile Fraud Alert, Phone scam ads, Online Warning. Spam Distribution or Malware Spreading Virus - mobile fraud alert warning notification.
Scam alert update: March 2026
Stay alert this March with the latest scam warnings from Join the Claim
person holding a phone, social media
Social media addiction verdict sparks debate about platform design in the UK
The US verdict against Meta and YouTube is already prompting debate among UK researchers, policymakers and regulators about addictive platform design and child safety.
image of March 2026 calendar and the Join the Claim Logo
What we’ve been working on at Join the Claim in March
Get a round-up of what we’ve been working on this month at Join the Claim, including new claims and updates.
In this photo illustration Apple and Amazon logos are seen on a mobile phone and a computer screen. select focus
Apple and Amazon face £900 million claim over Apple and Beats product sales
A new UK competition claim alleges Apple and Amazon restricted third-party sellers of Apple and Beats products, potentially leading to higher prices for consumers.
Hand Holding Smartphone Shows Social Media
US jury rules against social media giants in addiction case
A US jury has found Meta and YouTube liable in a landmark social media addiction case, awarding $6m in damages.
Moving high-speed train
Train delay compensation changes: what the new rules mean for passengers
New plans could make Delay Repay claims simpler. Here’s what’s changing and what it means for passengers.
man hand hold smartphone and use social media network application
MPs reject social media ban for under-16s as regulators warn tech giants over child safety
MPs have voted against banning under-16s from social media, but UK regulators are increasing pressure on platforms to strengthen child safety protections.
Woman At Home Boiling Kettle For Hot Drink With Smart Energy Meter In Foreground
Smart meter problems: the new 90-day rule that could mean £40 compensation
New rules give energy suppliers 90 days to fix faulty smart meters — and customers could receive £40 compensation if they fail.

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the Claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 32 Eyre Street, Sheffield, England, S1 4QZ

© Join the Claim All Rights Reserved |

2026
Go to claims