Cyber

US Patent and Trademark Office data leak exposed 61K private addresses

Trademark applicants' private addresses inadvertently appeared in public records between February 2020 and March 2023.

June 29, 2023

The interior of the USPTO headquarters in Alexandria, Virginia, in 2019. (Antony-22 / Wikimedia Commons)

The U.S. Patent and Trademark Office acknowledged Thursday that 61,000 private addresses of trademark applicants were inadvertently exposed in a years-long data leak between February 2020 and March 2023.

The trademark office said the data leak affected about 3% of the total number of trademark applicants filed during the three-year period and that the issue was fully fixed on April 1, without any data having been misused.

“Upon discovery, the USPTO reported the data exposure to the Department’s Senior Agency Official for Privacy and it’s Enterprise Security Operations Center, which in turn reported the exposure to the Department of Homeland Security. As you are aware, the USPTO also notified affected parties of the exposure,” a USPTO spokesperson emailed FedScoop.

“The USPTO has no reason to believe that the data has been misused,” the spokesperson added.

U.S. law requires trademark applicants to include their private address when submitting an application in order to combat fraudulent trademark filings.

The trademark office said in a notice sent to all those impacted by the data leak that by April 1 the issue had been fully fixed by properly masking all of the private addresses and correcting all system vulnerabilities found.

The trademark office said that in February it discovered that private domicile addresses that should have been hidden from public view appeared in records retrieved through some application programming interfaces (APIs) of the Trademark Status and Document Review system (TSDR). The APIs are used in apps by both agency staff and trademark filers to access the TSDR system for checking the status of pending and registered trademarks.

Some private addresses also appeared on the bulk data portal of the USPTO website.

The trademark office highlighted that as a federal government agency, the USPTO does not have the same reporting requirements as a private company or a state or local agency would and does have a process whereby those who do not want their address to be shown publicly can request that it is not made public or they can waive the requirement altogether.

Details of the USPTO leak were first reported by TechCrunch.

US Patent and Trademark Office data leak exposed 61K private addresses

More Like This

Security flaws in IRS systems pose risk to financial statements, GAO says

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Reimagining search: How AI and Google Search turbocharges patent examinations at USPTO

Top Stories

ACLU seeks AI records from NSA, Defense Department in new lawsuit

IRS touts Direct File usage, while mulling the future of the program

DHS launches safety and security board focused on AI and critical infrastructure

GSA welcomes nominations for advisory committee focused on federal transparency efforts

DOJ seeks public input on AI use in criminal justice system

DHS picks OMB official to lead its new AI Corps

More Scoops

USPTO issues guidance for AI use in applications and processes

U.S. Patent and Trademark Office announces $70 million contract for AI patent search tool

‘Human contributions’ are focus of inventorship analysis in AI age, patent office says

USPTO CIO says AI adoption is held back by government culture and bureaucracy

Patent and Trademark Office looks to bring faxing to the cloud

US Patent Office eyes using AI to improve ‘prior art’ searches

AI could have new role in speeding up US patent process

Latest Podcasts

US Patent and Trademark Office data leak exposed 61K private addresses

CISA is building an automated ransomware warning program

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

Tech

Defense

Cyber

Acquisition