Most people think risk comes from hackers breaking in.
It doesn’t.
It comes from your data already being out there — in systems you don’t control.
This week, Companies House confirmed a five-month security flaw in its WebFiling system.
Dates of birth. Home addresses. Company email addresses. All are potentially visible to other logged-in users.
Unauthorised filings may also have been possible — changing directors, filing accounts, altering company records.
No sophisticated attack. Just access.
Here’s what most people miss:
▸ One dataset gives a name
▸ Another gives an address
▸ Another gives a pattern of life
By the time someone has three or four pieces, they don’t need anything else.
The groundwork for fraud, impersonation, harassment, or a physical approach is almost always laid this way — quietly, digitally, long before anything happens in the real world.
One piece of advice I give every client without exception:
Never use your personal home address when registering a business or taking on a directorship.
Always use a professional address — your solicitor, your accountant, or a reputable business address service. It’s a simple step that removes one of the most exploitable pieces of personal data from the public record before the risk even begins.
Physical security matters.
But if you’re protecting a principal and haven’t looked at their digital footprint, you’re working with half the picture.
Our Digital Exposure Assessment shows what exists, how it connects, and what it enables — seen through the eyes of someone who means harm.
Like vetting, it’s a snapshot of a moment in time.
Which is why our retained clients don’t stop there. We monitor continuously across the open, deep, and dark web — so their data is never left unguarded.
Most clients are genuinely surprised by what we find. And by how quickly things change.
You can’t protect what you haven’t seen.
And you can’t rely on a single look.
Company directors details exposed
