"The flaw - which appears to have arisen during a WebFiling update last year - was never accessible to the general public and only logged-in users in possession of an authorised code could have exploited it, Companies House pulled WebFiling offline at lunchtime on Friday 13 March in order to investigate and remediate."
"Companies House found the data exposed included dates of birth, residential addresses and company addresses. It also discovered that it may have been possible for people to make unauthorised actions - such as changing directors or even filing accounts."
"I recognise that this incident will have caused concern and inconvenience to many of the companies and individuals who rely on our services. I am sorry for that. Companies House takes its responsibility to protect the data entrusted to us extremely seriously."
Companies House, the UK's business registrar, identified and remediated a previously-unknown cybersecurity vulnerability in its WebFiling service that originated during a system update. The flaw exposed sensitive information including dates of birth, residential addresses, and company addresses to authorized logged-in users. The vulnerability potentially allowed unauthorized modifications such as changing directors or filing accounts, though identity verification credentials and existing documents remained secure. Companies House immediately took the service offline and restored it after investigation. The incident was reported to the Information Commissioner's Office and National Cyber Security Centre. Leadership urged affected companies to verify their registered details and filing history.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]