According to a warning provided to affected trademark applicants, the USPTO noted that their private domicile location – commonly their home address – appeared in public records mistakenly between February 2020 and March 2023.
The flaw was discovered in one of the USPTO’s APIs, which allows apps used by both agency employees and filers to access a system for verifying the status of pending and registered trademarks.
“When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented,” the notice said.
According to the study, the USPTO also stated that the address data was discovered in bulk databases that the agency provides publicly to facilitate academic and economic research.
“As indicated in our notice to impacted filers, while domicile addresses are required under trademark law, we took the voluntary step of masking this information in 2020 as part of our efforts to secure the data that the public accesses directly and frequently,” USPTO spokesperson Paul Fucito was quoted as saying.
According to the USPTO, the data breach affected around 3% of all applications filed during a three-year period.
According to the report, the situation was remedied on April 1 when domicile addresses were hidden and API vulnerabilities were corrected.
Meanwhile, PharMerica, a large pharmacy service provider in the United States with over 2,500 locations and over 3,100 pharmacy and healthcare programs, discovered a data breach that affected the personal information of approximately six million individuals.