US Patent and Trademark Office reports multi-year data leak

The U.S. Patent and Trademark Office (USPTO) has reported a data breach where approximately 61,000 trademark filers' private addresses were inadvertently exposed in public records over a period of three years.

The data leak lasted from February 2020 to March 2023. The report was made via a notice sent to affected applicants, explaining that the private domicile addresses, typically home addresses, appeared in publicly accessible records due to a flaw in one of USPTO's APIs, which allows access to trademark status information.

The address data also appeared in bulk datasets published by the agency for research purposes.

USPTO temporarily blocked access to non-critical APIs and removed the impacted data until a permanent fix was implemented. 

They clarified that the incident affected approximately 3% of applications filed during the three-year period and assured that there is no evidence of the data being misused.