The U.S. Patent and Trademark Office (USPTO) has disclosed a second occurrence of a data leak involving the private addresses of approximately 14,000 trademark applicants.
This recent exposure comes after a similar incident last year that compromised the addresses of about 61,000 applicants. The leaks were attributed to the transition to a new IT system aimed at modernizing the agency’s infrastructure.
Despite assurances that the issue had been resolved after the previous incident, the same type of data spill reoccurred, affecting records dated between August 23, 2023, and April 19, 2024.
Detailing the Data Leak
USPTO requires applicants to provide a private domicile address during the filing process to prevent fraudulent activities. The leaked addresses, however, were not accessible through regular searches on the USPTO’s website but were instead included in bulk datasets published online to support academic and economic research. After discovering the breach, the USPTO acted promptly by blocking access to the affected datasets, removing the files, and implementing a corrective patch to secure the data.
In a communication to the impacted individuals, the USPTO took responsibility for the breach, clarifying that it was not due to malicious activity but rather an inadvertent exposure during the IT system overhaul. The email highlighted the agency’s immediate response to mitigate the situation by testing and re-enabling the secured access.
Deborah Stephens, the deputy chief information officer of USPTO, elaborated on the circumstances leading to the recent leak. According to Stephens, the new exposure was uncovered during ongoing efforts to upgrade the agency’s legacy systems. She reassured that the measures put in place previously remain effective, but the recent incident occurred due to an error in creating and modernizing the bulk datasets.
Stephens further explained that the agency has introduced additional safeguards in its data handling processes, including error correction during file creation. These enhancements aim to prevent future data exposures as the agency continues to refine its IT development and data management practices, focusing on a holistic approach to modernizing its systems and securing externally facing systems.
The USPTO has informed the affected parties that there is no indication that the exposed personal information has been misused. The agency remains committed to enhancing its security measures as it progresses with its IT infrastructure modernization.
Related News:
Featured Image courtesy of PAUL J.RICHARDS/AFP via Getty Images