US Patent & Trademark Office confirms years-long data leak
The US Patent and Trademark Office (USPTO) responsible for granting patents and trademarks, has confirmed that it unintentionally exposed the private addresses of about 61, 000 filers in a years-long data leak.
SAN FRANCISCO: The US Patent and Trademark Office (USPTO) responsible for granting patents and trademarks, has confirmed that it unintentionally exposed the private addresses of about 61, 000 filers in a years-long data leak.
In a notice sent to affected trademark applicants, the USPTO stated that their private domicile address -- often their home address -- inadvertently appeared in public records between February 2020 and March 2023, reports TechCrunch.
The problem was found in one of the USPTO's APIs, which allows apps used by both agency staff and filers to access a system for checking the status of pending and registered trademarks.
“When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented, ” the notice said.
The USPTO also mentioned that the address data was also found in bulk datasets that the agency publishes online to aid academic and economic research, the report said.
“As indicated in our notice to impacted filers, while domicile addresses are required under trademark law, we took the voluntary step of masking this information in 2020 as part of our efforts to secure the data that the public accesses directly and frequently, ” USPTO spokesperson Paul Fucito was quoted as saying.
According to the USPTO, the data leak affected around 3 per cent of all applications filed during the three-year period.
The incident was resolved on April 1 after domicile addresses were masked and API vulnerabilities were fixed, the report mentioned.
Meanwhile, PharMerica, a leading pharmacy service provider in the US, which operates in more than 2, 500 facilities across the country and offers over 3, 100 pharmacy and healthcare programmes, has disclosed a data breach that compromised the personal information of nearly six million patients.