In the United States, a federal government agency that issues patents and trademarks has confirmed information that this organization inadvertently disclosed the personal addresses of about 61 thousand applicants.
The transition of data from the confidential category to the public category occurred as a result of a data leak that lasted several years.
The US Patent and Trademark Office (USPTO) has sent notices to trademark applicants that their official residence addresses, in many cases permanent residence, appeared in public records between February 2020 and March of this year. The agency insists that the incident is not its deliberate effect.
The current norms of American law provide that persons who apply for a trademark must indicate their address. The existence of this rule is justified by the fight against fraudulent applications.
The USPTO reports that the problem was discovered in one of its APIs, which allows applications to access the system to check the status of incomplete and registered trademarks. This access applies to agency employees and applicants.
The USPTO also reported that information about personal addresses appeared in massive data sets that the agency publishes on an online platform to help conduct academic and economic research.
One of the applicants reported that after the problem was discovered, access to all non-critical USPTO APIs was restricted and the affected mass data processing products were disabled.
USPTO representative Paul Fucito said that in 2020, the agency made a voluntary decision to conceal information about addresses, the use of which is provided by law. He stated that this was done as part of efforts to protect data that the public has access to.
Paul Fucito admitted that the agency failed to identify the most technical exit points and disguise the information that is exported from these points. He apologized for the mistake and said that all necessary measures would be taken to prevent a repeat of such an incident. Also, according to him, the agency will continue to fight registration fraud, the intensity of which reaches historical figures.
The USPTO claims that the data leak affected about 3% of the total number of applications that were filed within three years. The agency states that the incident was resolved in April when the addresses were masked and API vulnerabilities were fixed. The USPTO claims that there is no reason to allow the possibility of misuse of data that has become publicly available.
As we have reported earlier, China’s Central Bank Warns Against ChatGPT Data Leaks.
