Regulatory data breach

Companies House Data Breach Exposes Directors' Details

Analysis based on 7 articles · First reported Mar 13, 2026 · Last updated Mar 16, 2026

Sentiment

-60

Attention

Articles

Market Impact

Direct

Live prominence charts, article sentiment distribution, and event development timeline available on the NewsDesk Dashboard

Market Impact

The data breach at United Kingdom===Companies House has a negative market impact, raising concerns about data security and trust in the UK's corporate registration system. It could lead to increased scrutiny of government digital services and potentially impact the reputation of the United Kingdom as a safe place for business data.

Government services Financial services Information technology

Event Summary

United Kingdom===Companies House, the UK's official corporate register, temporarily shut down its online filing service due to a technical flaw that exposed sensitive personal details of company directors, including residential addresses, email addresses, and full dates of birth. The bug also created a risk of malicious users amending company records or uploading fraudulent accounts. The vulnerability was discovered by John Hewitt of Ghost Mail and subsequently reported to United Kingdom===Companies House by Dan Neidle of Dan Neidle. The incident affects over 5 million businesses, including major FTSE 100 firms like AstraZeneca, Tesco, and Shell plc, whose directors' data could have been compromised. Business groups, such as the Federation of Small Businesses, have expressed alarm, calling it a 'shocking breach' that could erode trust and prompt questions about the value of fees paid to United Kingdom===Companies House. The event marks another challenge for United Kingdom===Companies House, which recently gained new powers to improve data accuracy and combat misuse of the register.

Key Actions

100 United Kingdom===Companies House exposed sensitive personal details and risked fraudulent amendments

100 United Kingdom===Companies House exposed sensitive personal details of company directors

90 United Kingdom===Companies House shut down online filing service

90 United Kingdom===Companies House shut down its online filing service

80 Dan Neidle alerted United Kingdom===Companies House and warned public United Kingdom===Companies House

80 Dan Neidle alerted United Kingdom===Companies House about the vulnerability United Kingdom===Companies House

70 John Hewitt discovered vulnerability United Kingdom===Companies House

70 John Hewitt discovered a technical flaw United Kingdom===Companies House

+ 3 more actions View on Dashboard

Entities Involved

govactor

United Kingdom===Companies House

United Kingdom===Companies House, the UK's corporate register, experienced a significant technical flaw that exposed sensitive personal details of company directors and created a risk of fraudulent activity. This incident has led to the temporary shutdown of its online filing service and raised concerns about its reliability and the security of corporate data. The Federation of Small Businesses described the situation as a 'shocking breach' that could undermine trust in the system.

Importance 100 Sentiment -70

cnt

United Kingdom

The United Kingdom's corporate registration system, managed by United Kingdom===Companies House, has been compromised by a data breach, potentially affecting over 5 million businesses. This incident highlights vulnerabilities in national digital infrastructure and could impact the trust in the UK's regulatory environment for businesses.

Importance 60 Sentiment -20

per

Dan Neidle

Dan Neidle, founder of Dan Neidle, was alerted by John Hewitt about the United Kingdom===Companies House vulnerability and subsequently informed United Kingdom===Companies House. He also publicly warned company owners to check their details, playing a key role in disseminating information about the breach.

Importance 50 Sentiment 30

per

John Hewitt

John Hewitt, who runs Ghost Mail, discovered the vulnerability in United Kingdom===Companies House's system. His discovery was crucial in bringing the issue to light and prompting action from United Kingdom===Companies House.

Importance 30 Sentiment 20

ngo

Dan Neidle

Dan Neidle is the non-profit group founded by Dan Neidle, who played a significant role in alerting United Kingdom===Companies House and the public about the data breach. The organization is associated with the disclosure of the vulnerability.

Importance 20 Sentiment 20

ngo

Federation of Small Businesses

The Federation of Small Businesses reacted with alarm to the United Kingdom===Companies House breach, describing it as a 'shocking breach' that could undermine trust. Their communications director, Alan Soady, voiced concerns about the value small companies get for their fees.

Importance 20 Sentiment 0

stock

AstraZeneca

AstraZeneca is mentioned as one of the major FTSE 100 firms listed on United Kingdom===Companies House, meaning its directors' personal details could have been exposed due to the flaw. While not directly impacted, the incident raises concerns for all companies registered with United Kingdom===Companies House.

Importance 10 Sentiment -10

+ 5 more entities View on Dashboard

Relationships

United Kingdom related ↔ United Kingdom===Companies House

AstraZeneca related ↔ United Kingdom===Companies House

Tesco related ↔ United Kingdom===Companies House

Shell plc related ↔ United Kingdom===Companies House

John Hewitt related ↔ Ghost Mail

Dan Neidle related ↔ Dan Neidle

Alan Soady related ↔ Federation of Small Businesses

NEWSDESK

Track this event live

Set up alerts, explore entity relationships, search across thousands of events, and build custom intelligence feeds.

Open Dashboard