US Patent and Trademark Office Confirms Another Leak of Filers' Address Data

An anonymous reader quotes a report from TechCrunch: The federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years. The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private domicile address -- which can include their home address -- appeared in public records between August 23, 2023 and April 19, 2024. U.S. trademark law requires that applicants include a private address when filing their paperwork with the agency to prevent fraudulent trademark filings.

USPTO said that while no addresses appeared in regular searches on the agency's website, about 14,000 applicants' private addresses were included in bulk datasets that USPTO publishes online to aid academic and economic research. The agency took blame for the incident, saying the addresses were "inadvertently exposed as we transitioned to a new IT system," according to the email to affected applicants, which TechCrunch obtained. "Importantly, this incident was not the result of malicious activity," the email said. Upon discovery of the security lapse, the agency said it "blocked access to the impacted bulk data set, removed files, implemented a patch to fix the exposure, tested our solution, and re-enabled access." Last June, the USPTO inadvertently exposed about 61,000 applicants' private addresses "in a years-long data spill in part through the release of its bulk datasets," reports TechCrunch. It told affected individuals that the issue was fixed.

Let me guess

[stabiesoft]

I'll get free credit monitoring for one year.

Re: Let me guess

[dpille]

Probably worth more than the damages. Your address is surely public data somewhere.

Re:

[stabiesoft]

At this point I assume my name, birth, ss, dl, height, weight, ... dna sequence are all out there. My point was that all of that is out there because of all the breaches. And with every breach I've been in, or might have been in, all I got was free credit monitoring. If there were some actual damages, like take the executives pension plan away, perhaps maybe they would not happen every week. We have become inured to it. I'm surprised such a story would even make /. anymore.

not the result of malicious activity

[bagofbeans]

"Importantly, this incident was not the result of malicious activity"

Oh, so it's ok if it's the result of incompetence then.

Re:

[bagofbeans]

G'day mate!

Stop asking for where I live, damn it

[RegistrationIsDumb83]

I really hate it when government and businesses demand a residential address instead of accepting a PO Box, when a PO box (or registered agent if necessary) would suffice perfectly well. I work hard to keep that offline, and am currently succeeding (with great effort!). It's just not safe to have your address be searchable, and I speak from experience. There should be a USPS address alias system that every organization is required to accept.

Lowest Bidder Effect

[omnichad]

When are we going to stop leaving government contracts to the lowest bidder with no regard for security?

Re:

[bugs2squash]

exactly, we should pay top dollar for no regard to security.

What, Me Worry?

[rally2xs]

I was born in the 1940's. For most of my adult life, that address has been in phone books in various cities. But now, someone "leaks" it online and I'm supposed to hyperventilate and break out in hives? I don't think so...