The US Patent Office accidentally leaked thousands of filers’ home addresses

The data leak lasted from February 2020 to March 2023, and affected 3 percent of all applicants.

By Andrew Paul | Published Jun 29, 2023 12:30 PM EDT

Technology

Black and white photo of government workers in a patent filing office — The U.S. Patent Office, between 1918 and 1928—back when you didn't have to worry about computer leaks. HUM Images/Universal Images Group via Getty Images

An estimated 61,000 trademark filers’ private addresses were accidentally made available within public records for years, according to a recent announcement from the US Patent and Trademark Office (USPTO). In a notice first obtained by TechCrunch and subsequently provided to PopSci, the USPTO explained to affected trademark applicants that their address data also inadvertently appeared in bulk datasets previously published online for economic and academic research uses.

Between February 2020 and March 2023, roughly 3 percent of all applications were affected by the data oversight, although government officials believe there is no reason to suspect any bad actors mishandled the exposed addresses. The USPTO finally uncovered the unshielded residence information within one of the USPTO’s application programming interfaces on February 24, 2023. An API is often used by websites to enable data access for third-parties such as researchers. In this case, the API allowed federal employees and filers to access a system that displayed application statuses.

“When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented,” reads a portion of the notice. According to the USPTO, the issue was fully resolved on April 1, and at no point did these addresses surface during regular searches on the USPTO website.

Within US trademark law, individuals and businesses must include a private domicile address whenever submitting a trademark application, thus offering a relatively simple tool in “combatting fraudulent trademark filing activity,” says the USPTO’s notice. Although some applicants choose to use a business address, many simply opt for their own home address. In the letter provided to PopSci, the USPTO stated the regulations also help determine if applicants are required to hire a US-licensed attorney to represent them before the USPTO.

“Importantly, this incident was not the result of malicious activity, and we have no reason to believe that your domicile information has been misused. Nevertheless, we take all data security concerns seriously, and we apologize for our mistake,” the letter reads.

Correction: A previous version incorrectly stated the data leak affected “patent applications.” The leak only affect trademark applicants. The article has been updated accordingly.

Andrew Paul

Andrew Paul is Popular Science's staff writer covering tech news. Previously, he was a regular contributor to The A.V. Club and Input, and has had recent work also featured by Rolling Stone, Fangoria, GQ, Slate, NBC, as well as McSweeney's Internet Tendency. He lives outside Indianapolis.

news

policy

privacy