If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Companies House in the UK briefly turned its own corporate register into a self-service fraud toolkit. A vulnerability in the dashboard of the UK’s official business registry let anyone access other companies’ private records by pressing the back button, no hacking required. Directors’ home addresses, email addresses, and dates of birth were all sitting there, readable and editable by anyone who knew where to look. Companies House is the government body where every limited company must register to legally exist. It holds the official record of who runs Britain’s businesses, including the personal details of every director. When you incorporate a company in the UK, your information goes into this register. There is no opt-out. The timing is what makes this even more interesting. Since November 2025, all directors in the UK have been legally required to verify their identity through GOV.UK One Login to act in their roles, feeding passport scans, biometric data, and government credentials into the same Companies House infrastructure. That’s the system whose dashboard just handed out private director records to anyone pressing the back button. Dan Neidle, founder of Tax Policy Associates, flagged the issue to Companies House on Friday. He was blunt about what the flaw made possible. “People could get enough data about a company and its directors to potentially commit fraud, to pretend to be it,” he told the Press Association. The risk wasn’t just passive exposure. Someone with access could update a company’s registered address to their own, intercepting official correspondence and documents. “If you could file accounts,” Neidle added, “you could do all kinds of damage.” Home addresses and dates of birth are the building blocks of identity fraud. Directors registered this information with Companies House under legal obligation, trusting that the government body safeguarding it had secured it properly. That trust had a back button. Neidle noted the window of exposure matters enormously. “If it was only there for 36 hours, then maybe it’s fine,” he said. “But if it was there for a month or more, it’s very serious.” He pointed to an uncomfortable benchmark: “Security researchers say 15 days is the average time it takes for a vulnerability to be exploited, and this was a particularly easy vulnerability with no hacking required.” Most data breaches require technical sophistication. This one required a browser. Companies House shut down the WebFiling service on Friday evening. A spokesperson said: “We are aware of an issue with our WebFiling service and have closed it while we investigate. We apologise for any inconvenience to our customers.” The agency told affected businesses to file as soon as the service returns, document any error messages with timestamps, and wait for their evidence to be reviewed against missed deadlines. What Companies House has not said is how long the vulnerability existed, how many records were accessed, or whether anyone exploited it before Neidle’s report. This is the system the UK government wants to scale up nationally. Prime Minister Keir Starmer announced a digital ID scheme in September 2025, planning to introduce it by the end of the parliamentary term in 2029. The government is developing two related services: GOV.UK One Login, a unified account system replacing over 190 separate government logins, and a GOV.UK Wallet app for storing government-issued documents like driving licences. Biometric data. Passport scans. Facial recognition. All centralized. All linked. All managed by the same government infrastructure that just exposed director records through a back button. Over time, the digital ID system is expected to serve as a single access point for government services, including benefits, tax records, and official interactions, potentially eliminating the need for physical documents or multiple logins. The convenience pitch is familiar. So is what gets sacrificed for it. The GOV.UK One Login system sitting at the core of this expansion, already has a documented security record. Security tests revealed the system allows bad actors to gain access without detection, and it scored only 21 out of 39 in its Cyber Assessment Framework tests. An internal exercise found the system may already have been compromised without detection and potentially contain malware, core work was outsourced overseas, including to Romania, individuals who raised alarms about data and process failures were allegedly silenced, and the system even lost its official trust framework certification. The government’s response has been to keep spending. The project has been compared to “Post Office Horizon all over again,” a reference to the UK’s most notorious recent IT scandal, in which a flawed computer system sent dozens of innocent postal workers to prison. The government is not learning from its mistakes. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Britain’s Business Registry Left Director Data Wide Open — Yet the Government Is Still Building a National Digital ID appeared first on Reclaim The Net.