The federal agency responsible for granting patents and trademarks is warning thousands of applicants whose private addresses were exposed in the second data breach in recent years.
In an email to affected trademark applicants this week, the U.S. Patent and Trademark Office (USPTO) said that between August 23, 2023 and April 19, 2024, their private address (home (which may include addresses) have been entered into public records.
To prevent fraudulent trademark applications, U.S. trademark law requires applicants to include their personal address when filing documents with authorities.
The USPTO said that although the address did not come up in a regular search on the agency's website, about 14,000 people were listed in a large dataset the USPTO publishes online to support academic and economic research. It is said that the private addresses of the applicants were included.
The agency took responsibility for the incident and stated that the address was “inadvertently damaged when migrating to a new IT system”, according to an email to affected applicants obtained by TechCrunch. It was published in.'' “Importantly, this incident was not the result of malicious activity,” the email said.
Upon discovering a security flaw, authorities “blocked access to the affected bulk dataset, removed the file, implemented a patch to fix the breach, tested the solution, and re-enabled access.” I did,” he said.
While this may seem very nostalgic, the USPTO similarly exposed applicant address data last June. At the time, the USPTO inadvertently exposed the private addresses of approximately 61,000 applicants in a multi-year data breach, in part due to the release of a large data set, and the issue was resolved for affected individuals. He announced that he had said that.
When asked for comment on Wednesday, Deborah Stevens, the USPTO's deputy chief information officer, told TechCrunch that the new breach was discovered as part of the agency's efforts to modernize its IT infrastructure.
“All the modifications we made were in place and are still in place,” Stephens said. “We are modernizing and incorporating a legacy system of decades-old standards and protocols, and we encountered a system error while creating and modernizing a large data set.”
Stevens said the USPTO has introduced new checks to prevent future leaks of personal information when collating and releasing large data sets, including “correcting errors in file creation.”
“We are building a legacy-to-modern process to help identify how IT can be better developed, processed and delivered by taking a more holistic approach to data, especially external or public systems. “We're considering it,” Stevens said.
The USPTO told those affected that the agency has “no reason to believe” that the published addresses were misused.