EXCLUSIVE: UK COMPANY REGISTRY HACK EXPOSES MILLIONS IN "SILENT" DATA BREACH LASTING MONTHS
A critical cybersecurity vulnerability at the UK's official Companies House registry left sensitive business data exposed for months in what experts are calling a catastrophic governance failure. The WebFiling service was abruptly taken offline after the flaw, potentially a zero-day exploit, was discovered, revealing information since October 2025.
This was not a typical ransomware attack but a silent, persistent data breach. Malware was not needed; the vulnerability itself acted as an open door. While officials claim no "malicious" activity was detected, the exposure period provided ample time for sophisticated phishing campaigns or data harvesting operations targeting corporate entities.
"An unpatched vulnerability in a national registry is a goldmine for threat actors," a senior cybersecurity analyst told us. "This data can be weaponized to craft impeccable executive phishing lures or to map corporate structures for more devastating attacks. The lack of crypto-ransom demands makes this more sinister—the data is likely already sold or stored for future exploit."
Every UK company and director is now at heightened risk. This breach undermines the foundational trust in a key government digital service and highlights a glaring gap in proactive blockchain security principles, where transparency and immutability are key, applied to public data stores.
We predict a surge in targeted business email compromise attacks stemming from this leak in the coming weeks. The database is a blueprint for fraud.
When the government's own company vault is left unlocked, no business is safe.
