Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

The US Patent and Trademark Office has been leaking user details for several years

Data Breach

The US Patent and Trademark Office (USPTO), the government agency that handles patent and trademark requests, has been operating a faulty application programming interface (API) which was leaking people’s postal addresses for several years.

The organization has notified thousands of its filers about the mishap, explaining what had happened and what it did to remedy the issue.

“When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented,” the body wrote in the notification sent out to the filers. 

Three years of leaks

The API had been leaking data since 2020, until it was finally fixed in early April 2023, when the addresses were masked and the faulty API fixed. 

In a statement given to TechCrunch, USPTO spokesperson Paul Fucito explained that the postal addresses were mandatory for all filers as means of tackling fraudulent applications: 

“As indicated in our notice to impacted filers, while domicile addresses are required under trademark law, we took the voluntary step of masking this information in 2020 as part of our efforts to secure the data that the public accesses directly and frequently,” he said.

“We regrettably failed to locate some of the more technical exit points and properly mask the data exported from those points. We apologize for our mistake and will do better to prevent such an incident from happening again, while also preserving our ability to crack down on the historic amount of filing fraud we’re seeing originate overseas,” Fucito concluded.

In total, some 61,000 patent and trademark filers have had their physical addresses leaked online, representing roughly 3% of all the applications filed in the three-year period. 

USPTO believes no one found the flaw and claims there’s no evidence of any misuse.

Via: TechCrunch

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.