The US Patent Office leaked thousands of filers’ home addresses by accident

According to a recent statement from the US Patent and Trademark Office (USPTO), around 61,000 individuals who filed for patents had their personal addresses unintentionally disclosed in public records for an extended period. The USPTO clarified, in a notice initially obtained by TechCrunch that the address information of the affected patent applicants was mistakenly included in comprehensive datasets that were previously released on the internet for the purposes of economic and academic research.

From February 2020 to March 2023, about 3 percent of all requests were impacted by the data negligence, although authorities have confidence that no individuals with ill intentions mishandled the revealed addresses. The USPTO eventually discovered the unprotected residential details through one of its application programming interfaces on February 24, 2023. An API is frequently utilized by websites to facilitate data retrieval for external parties like researchers. In this instance, the API granted access to a system displaying application statuses for government workers and applicants.

“When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented,” the notice mentions. As per the USPTO, the problem was completely resolved on April 1, and at no moment did these locations appear during routine inquiries on the USPTO platform.

According to the notice from the USPTO, individuals and enterprises are obligated to provide a personal residence location while submitting a trademark application, which serves as an uncomplicated method in “combatting fraudulent trademark filing activity,” While some candidates prefer utilizing a commercial address, numerous individuals decide to utilize their own residential address. The letter received by PopSci from the USPTO mentioned that these regulations also aid in ascertaining whether applicants need to employ an attorney licensed in the United States to represent them before the USPTO.

The letter states that “importantly, this incident was not the result of malicious activity, and we have no reason to believe that your domicile information has been misused. Nevertheless, we take all data security concerns seriously, and we apologize for our mistake.”