US Patent and Trademark Office confirms another leak of filers' address data | TechCrunch

🌈 Abstract

The article discusses a data breach at the U.S. Patent and Trademark Office (USPTO) where the private addresses of thousands of trademark applicants were inadvertently exposed in public records.

🙋 Q&A

[01] Data Breach at USPTO

1. What happened at the USPTO?

• The USPTO, the federal agency responsible for granting patents and trademarks, exposed the private domicile addresses (including home addresses) of around 14,000 trademark applicants in public records between August 2023 and April 2024.
• This happened as the USPTO was transitioning to a new IT system, and the addresses were "inadvertently exposed" in bulk datasets published online for academic and economic research.
• This is the second such incident, as the USPTO had a similar exposure of about 61,000 applicants' private addresses last June.

2. How did the USPTO respond to the incident?

• The USPTO took responsibility for the incident, stating that it was not due to malicious activity.
• Upon discovery, the agency blocked access to the impacted bulk data set, removed the files, implemented a patch, and re-enabled access.
• The USPTO's deputy CIO stated that the agency has put in place new checks when collating and publishing its bulk data sets to prevent future spills of personal information.

3. What was the impact of the data breach?

• The USPTO stated that they have "no reason to believe" the exposed addresses have been misused.
• However, the exposure of private addresses, which are required to be included in trademark filings to prevent fraud, poses a potential risk to the affected individuals.

[02] Modernization of USPTO IT Systems

1. How is the USPTO addressing the issue of data exposure?

• The USPTO stated that the latest data exposure incident was discovered as part of the agency's efforts to modernize its IT infrastructure.
• The deputy CIO mentioned that the agency is taking a "holistic approach" to its data and externally/publicly facing systems to identify ways to improve its IT development, processing, and delivery.
• This includes implementing "error correction with file creation" when collating and publishing bulk data sets to prevent future personal information leaks.

2. What challenges is the USPTO facing in its IT modernization efforts?

• The deputy CIO acknowledged that the "system error happened in the creation and modernization of that bulk data set" as the agency was transitioning from its legacy systems to new IT standards and protocols.
• This suggests that the complexity of modernizing the USPTO's IT infrastructure may have contributed to the data exposure incidents.

</output_format>