The US Patent and Trademark Office (USPTO) has confirmed that it accidentally exposed the private addresses of approximately 61,000 trademark filers in a data leak that lasted from February 2020 to March 2023. The issue arose from one of the agency’s APIs, which allows both staff and filers to access a system for checking the status of trademarks. The exposed address data was also included in bulk datasets published online by the agency for research purposes. The USPTO discovered the issue, blocked access to non-critical APIs, and removed the affected bulk data products until a permanent fix could be implemented. The agency spokesperson acknowledged the mistake, apologized, and assured that efforts will be made to prevent such incidents in the future. The data leak impacted around 3% of the total number of applications filed over the three-year period. The USPTO resolved the issue by masking domicile addresses and correcting API vulnerabilities on April 1. The agency stated that there is no evidence of data misuse.
