USPTO Issues Notice of "Data Security Incident" Involving Applicant Domicile Information
The USPTO recently announced that a data security incident has impacted domicile information "in certain trademark filings between February 2020 and March 2023." Notice of the incident (set out below) was sent to the listed contact in these affected applications.
Notice of Data Security Incident
Dear valued customer,
The United States Patent and Trademark Office (USPTO) recently identified a data security incident that impacted domicile information in certain trademark filings between February 2020 and March 2023. You are receiving this notice because your email address is listed as the contact for the trademark owner in at least one of these applications.
There is no action you need to take with the USPTO, but in the interest of full transparency, we are bringing this matter to your attention.
What happened and what information was involved?
U.S. trademark law requires applicants to include their domicile addresses in trademark applications. This helps us determine if applicants are required to hire a U.S.-licensed attorney to represent them before the USPTO. The U.S. counsel requirement is an important tool in combatting fraudulent trademark filing activity.
On February 24, 2023, we discovered that domicile addresses that should have been hidden from public view appeared in records retrieved through some application programming interfaces (APIs) of the Trademark Status and Document Review system (TSDR). These APIs allow different software applications in and outside the USPTO to programmatically retrieve data.
Further investigation showed that the same domicile addresses also appeared in bulk data products found on https://bulkdata.uspto.gov. These data files are typically used in academic and economic research.
At no point did the impacted domicile addresses turn up in regular TSDR searches on the USPTO website.
Importantly, this incident was not the result of malicious activity, and we have no reason to believe that your domicile information has been misused. Nevertheless, we take all data security concerns seriously, and we apologize for our mistake.
How we addressed the issue
When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented.
By March 31, 2023, we had fully fixed the issue by: • Replacing the affected bulk data files with new versions that omit domicile addresses • Identifying the data masking deficiency that caused the exposures, correcting it, and successfully testing the fix Since April 1, 2023, domicile addresses are properly masked, and all vulnerabilities have been corrected.
What you should be aware of
We will not send additional notices or communications regarding this incident. If you’re contacted about the incident by anyone you believe is impersonating the USPTO or is otherwise trying to scam you, please report it to TMdomicile@uspto.gov.
For more information
If you have any questions or concerns, please email TMdomicile@uspto.gov.
Sincerely,
Jamie Holcombe USPTO Chief Information Officer and Chief Privacy Officer
Read comments and post your comment here.
Text Copyright John L. Welch 2023.
4 Comments:
Thank you for posting the article about this "Data Security Incident" at the USPTO.
I blogged about the incident in two blog articles USPTO breaks its promise about protecting “where you sleep at night” domicile addresses and USPTO comes clean (sort of) to the CAFC about its “where you sleep at night” blunder.
That couldn't have been more predictable. Well I guess the Chinese know where Robert De Niro's domicile is now.
Carl Oppedahl's blog: "USPTO comes clean (sort of) to the CAFC about its “where you sleep at night” blunder." https://blog.oppedahl.com/?p=9608
This is why we shouldn't have to submit bar information.
Post a Comment
<< Home