The federal government agency responsible for granting patents and trademarks is alerting thousands of applicants whose private addresses have been exposed following a second data breach in as many years.
The United States Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private home address – which may include their home address – was listed in public records between August 23, 2023 and April 19, 2024.
U.S. trademark law requires applicants to include a private address when filing their documents with the agency to avoid fraudulent trademark filings.
The USPTO said that although no addresses appeared in regular searches on the agency’s website, approximately 14,000 applicants’ private addresses were included in bulk data sets that the USPTO publishes online for facilitate academic and economic research.
The agency was blamed for the incident, saying the addresses were “inadvertently exposed during the transition to a new IT system,” according to the email to affected applicants, obtained by TechCrunch. “It is important to note that this incident is not the result of malicious activity,” the email said.
After discovering the security breach, the agency said it “blocked access to the affected bulk data set, deleted files, implemented a patch to correct the exposure, tested our solution and re-enabled the ‘access “.
If this sounds remarkably familiar, the USPTO had a similar exposure of applicant address data last June. At the time, the USPTO said it inadvertently exposed the private addresses of about 61,000 applicants during a years-long data breach, thanks in part to the release of its data sets in bulk. , and informed those affected that the problem had been resolved.
When reached for comment on Wednesday, Deborah Stephens, the USPTO’s deputy chief information officer, told TechCrunch that the new exhibit was discovered as part of the agency’s efforts to modernize its IT infrastructure.
“The fix we had in place was fully in place and remains in place,” Stephens said. “As we modernize and revert to legacy systems from decades of standards and protocols, a system error occurred while creating and modernizing this mass data set. »
Stephens said the USPTO has implemented new controls when collecting and releasing its bulk data sets, which include “correcting errors during file creation,” which should prevent future leaks of personal information.
“We are looking at our traditional process to be able to identify ways in which we can improve our IT development, processing and delivery by taking a more holistic approach to our data, and particularly external or public systems. “Stephens said.
The USPTO told those affected that the agency had “no reason to believe” that the exposed addresses had been misused.
techcrunch
