Corporate ID Theft – Companies House

Corporate ID theft has become a large topic in the USA recently. IT World published an article about two American lawyers who exploited the online filing system to steal dormant companies. These lawyers reinstated the companies and then either took out loans on their account or sold shares. The estimated damage is $100 million.

What about Companies House in the UK? Is it more secure than US filing systems? It turns out that it uses post instead of email for companies’ passwords. But it will send you the current password in plaintext.

Read about reasons why passwords should always be stored cryptographically protected.

Companies today are obliged to register and make pretty much all changes to their status online. The problem this causes is twofold:

These company-wide accounts are protected by just a password.
The accounts are checked infrequently: for many companies, statutory obligations are usually only once a year and there is not much else to do.