Tech | Visa | Scholarship/School | Info Place

USPTO confirms applicant address data leaked again

The federal government agency responsible for granting patents and trademarks is issuing an alert to thousands of applicants whose private addresses have been exposed after the second data breach in as many years.

In an email sent this week to affected trademark applicants, the U.S. Patent and Trademark Office (USPTO) said their private residence addresses (which can include home addresses) appear between August 23, 2023, and April 19, 2024 in public records.

U.S. trademark law requires applicants to provide a private address when filing with the agency to prevent fraudulent trademark applications.

The USPTO said that while no addresses appeared in a regular search on the agency’s website, about 14,000 applicants’ private addresses were included in a bulk data set posted online by the USPTO to aid academic and economic research.

Emails sent to affected applicants obtained by TechCrunch show the agency took responsibility for the incident, saying the addresses were “inadvertently exposed as we transitioned to a new IT system.” “Importantly, this incident was not the result of malicious activity,” the email said.

After discovering the security flaw, the agency said it “blocked access to the affected bulk dataset, deleted the files, implemented a patch to remediate the vulnerability, tested our solutions, and re-enabled access.”

If this sounds eerily familiar, the USPTO exposed similar applicant address data last June. At the time, the USPTO said it had inadvertently exposed the private addresses of about 61,000 applicants in a years-long data breach, in part by publishing its bulk data set and telling affected individuals about the issue has been resolved.

Deborah Stephens, deputy chief information officer at the USPTO, told TechCrunch in an interview on Wednesday that the new exposure is part of an effort to modernize the agency’s IT infrastructure.

“The fixes we put in place are all in place and still in effect,” Stephens said. “As we modernize decades-old standards and protocols and adopt legacy systems, systemic errors occur in the creation and modernization of batch data sets. in process.”

Stephens said the USPTO has implemented new checks when collating and publishing its bulk data sets, including “correction of errors in file creation,” which should prevent future leaks of personal information.

“We are looking at processes from traditional to modern to be able to identify ways to improve IT development, processing and delivery by taking a more holistic approach to data, particularly external or public systems,” Stephens said.

The USPTO told affected individuals that the agency had “no reason to believe” that the exposed addresses had been misused.

#USPTO #confirms #applicant #address #data #leaked

Leave a Reply

Your email address will not be published. Required fields are marked *