On May 9, 2024, the US Patent and Trademark Office (USPTO) acknowledged a data leak resulting in the USPTO’s exposure of the private addresses of roughly 14,000 applicants. These addresses have been publicly accessible from August 23, 2023, to April 19, 2024. The addresses were viewable in the USPTO online published data sets, which are mostly used by academics and researchers.
This is the second data leak in the last two years. Back in June 2023, the agency admitted to exposing the private addresses of approximately 61,000 applicants between 2020 and 2023. During this time, private addresses appeared in records through the search of the USPTO’s Trademark Status and Document Review system (TSDR).
USPTO Response and Effects on Applicants
USPTO indicated that the data breach took place as a result of the agency’s transitions to a new IT system, and assured applicants that the incident was inadvertent. When the Agency discovered the breach, it immediately blocked access to the data sets including the public addresses. They then removed the private addresses, ran tests to ensure the removed addresses were no longer visible in the data set, and then re-published the data sets.
The USPTO deputy chief information officer told TechCrunch that the Agency has indicated that advances in technology and modernization in IT infrastructure options prompted the Agency to update decade-old standards and protocols. During this transition, an IT oversight led to the breach.
The USPTO has sent an email to affected applicants this week. The USPTO stated that there is no evidence that the leaked addresses have been misused.
Legal Options for Applicants
For applicants affected by the breach, it is important to be cognizant of any suspicious activity. If you received a notification that your private information was involved in the USPTO data breach and if any harm has resulted from the breach, contact one of our IP or privacy law attorneys to review your legal options.