USPTO has acknowledged yet another incident in which the filers' address data was leaked.
Following a second data breach within two years, the federal agency responsible for patent and trademark grants notified thousands of filers whose private addresses were exposed.
Japan Addresses Severe Data Science Talent Shortage with 17 New University Departments (Photo: Image via Canva)
Admitting Oversight in IT Transition
The USPTO recently admitted to another breach involving filers' address data exposure. As a result, the USPTO is now reaching out to thousands of affected filers to inform them about the breach and its potential implications.
In an email sent to affected trademark applicants this week, the US Patent and Trademark Office (USPTO) revealed that their private domicile addresses, including home addresses, were visible in public records from August 23, 2023, to April 19, 2024.
In compliance with U.S. trademark regulations, applicants are mandated to provide a private address when submitting paperwork to the agency, a measure aimed at preventing fraudulent trademark applications.
According to USPTO, although addresses were not visible in routine searches on the agency's website, approximately 14,000 applicants' private addresses were included in large datasets published by USPTO online, intended to support academic and economic research efforts.
The agency accepted responsibility for the incident, attributing the exposure of addresses to an unintentional oversight during the transition to a new IT system. The email addressed to affected applicants emphasized that the incident was not caused by malicious intent.
After identifying the security lapse, the agency immediately blocked access to the affected bulk data set, removed files, implemented a patch to address the exposure, conducted thorough testing of the solution, and restored access.
USPTO's Past Data Spill
If the recent data exposure incident feels like déjà vu, the USPTO faced a similar situation last June. Back then, the agency admitted to unintentionally revealing the private addresses of around 61,000 applicants spanning several years through distributing bulk datasets.
While the USPTO reassured those impacted that corrective measures were taken, this recurrence underscores ongoing concerns about data security and privacy protection.
According to Deborah Stephens, USPTO's deputy chief information officer, the recent data exposure was uncovered during the agency's ongoing efforts to update its IT infrastructure. Stephens clarified through TechCrunch that the necessary fixes had been implemented and remained in effect.
She explained that the error occurred during the creation and modernization of the bulk data set, which involved transitioning from legacy systems to updated standards and protocols.
To prevent similar incidents in the future, USPTO has implemented new procedures for compiling and publishing bulk data sets, including error correction during file creation.
Stephens emphasized that these measures aim to enhance IT development, processing, and delivery by adopting a comprehensive approach to data management, particularly concerning externally accessible systems.
The USPTO reassured those affected by the data exposure, stating that they had not found evidence indicating that the disclosed addresses had been misused.
However, they emphasized the importance of remaining vigilant and encouraged individuals to report any suspicious activity.
