US Patent and Trademark Office Notifies Filers of Years-Long Data Leak
At Ed White Law, we believe it is our responsibility to keep our clients and readers updated on the latest happenings in the world of Intellectual Property. A significant event has recently come to light that emphasizes the critical need for vigilance in protecting personal information in the realm of patent and trademark filing.
The U.S. Patent and Trademark Office (USPTO) revealed that they had inadvertently exposed about 61,000 filers' private addresses in a data spill that spanned over three years, from February 2020 to March 2023. This issue was discovered in one of the agency's APIs (Application Programming Interface), which is a tool used to check the status of pending and registered trademarks.
To better understand the issue, an API functions as a communicative tool between two entities on the internet, such as an app and a server. Not only was the data exposed through this channel, but it also appeared in bulk datasets published by the agency to assist academic and economic research.
As soon as the issue was discovered, the USPTO promptly took action. "When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented," a notice from the USPTO reads.
Delving further into the matter, USPTO spokesperson Paul Fucito elaborated, "As indicated in our notice to impacted filers, while domicile addresses are required under trademark law, we took the voluntary step of masking this information in 2020 as part of our efforts to secure the data that the public accesses directly and frequently."
The agency accepted its mistake and promised to learn from it. “We regrettably failed to locate some of the more technical exit points and properly mask the data exported from those points. We apologize for our mistake and will do better to prevent such an incident from happening again, while also preserving our ability to crack down on the historic amount of filing fraud we’re seeing originate overseas,” the spokesperson added.
The data leak reportedly affected about 3% of the total number of applications filed during the three-year period. The USPTO confirmed that the issue was resolved on April 1 when domicile addresses were masked, and the API vulnerabilities were corrected. The notice further stated that the agency has no reason to believe that the data has been misused.
This incident serves as a reminder of the critical importance of securing personal and proprietary data, especially in a field as sensitive as intellectual property law. It emphasizes the need for the continuous evolution and enhancement of data security measures. At Ed White Law, we remain committed to safeguarding your intellectual property and personal data. We always strive to provide the most secure environment possible for your intellectual property filings and consultations.
Whether you're an existing client or seeking assistance with your intellectual property needs, rest assured that your security and confidentiality are our utmost priority. For any queries or concerns related to intellectual property law, please don't hesitate to reach out to us.