Serious security holes in the website of Companies House - the UK database of corporate information - have exposed sensitive data and create the risk of corporate identity theft, security consultants warn. The UK government agency maintains that alleged security flaws identified by researcher Paul Moore are either in the process …
"Nerve centre of British business open to scams"
How very appropriate.
You're assuming that Companies House sees the protection of record validity as one of their tasks. Well, I have a surprise for you there - when I was dealing with a case of someone maliciously (unauthorised) changing corporate details so his mate at the bank could hand over funds by closing the company account and making out a cheque to the "owner", Companies House told me that it wasn't their job to ensure accuracy or even test validity of an entry - they merely keep the records (and thus allowed that change, and thus enabled the bank employee to hand over company funds to someone who wasn't even on the account mandate).
You see, the trick here is that although illegal changes to company records is a criminal offence, Companies House will not lift a finger - it is your job to convince the police to take action. As the police is not interested unless it's about serious money, you are then left with civil procedures but that needs the money your bank has just handed off..
(rest of story omitted, I think I'll turn that into a book)..
Re: False assumptions?
I look forward to the book ;)
It's a good point though; which makes it all-the-more important to ensure that nobody can change details without authorisation.
Thank you John for publishing this story.
Re: False assumptions?
In my experience, (just a paperback really), the important thing to consider that will stifle your expectations, is that Companies House's get-out clause is that they are merely record keepers. Therefore, it's up to you to pursue anything that seems untoward.
Yes, it is true that they can 'fine' companies for late annual returns and eventually dissolve them, but don't expect anything else. For instance, they will not protect you from someone registering a company name that infringes a trade mark – that's not what they do. You're very much on your own. Do your own detective work, hence the icon.
Be careful what you wish for!
Next thing you know, the Companies House online service gets migrated into the Government Gateway...
Sounds like its a lot easier to hack that it is to use.
- Geek's Guide to Britain INSIDE GCHQ: Welcome to Cheltenham's cottage industry
- 'Catastrophic failure' of 3D-printed gun in Oz Police test
- Game Theory Is the next-gen console war already One?
- BBC suspends CTO after it wastes £100m on doomed IT system
- Peak Facebook: British users lose their Liking for Zuck's ad empire