Overview
- Companies House said it closed the online portal to investigate the issue and apologised to users.
- The reported exploit let a user enter another company’s number and use the browser back button to bypass an authentication code.
- Reporting says directors’ personal details, including home addresses, emails and full dates of birth, could be viewed or altered.
- Dan Neidle of Tax Policy Associates flagged the flaw after a tip from John Hewitt at corporate services provider Ghost Mail.
- The register holds records for more than five million firms, including major FTSE companies, raising concerns about fraud and false filings.