U.S. Patent and Trademark Office notifies filers of a years-long data leak

The USPTO issues patents, trademarks, and other intellectual property rights. Data on applicants who filed claims with the agency was leaked online between 2020 and 2023. This data included potentially sensitive information such as home addresses and domicile addresses. The U.S. Patent and Trademark Office (USPTO) recently notified filers of a years-long data leak. Tens of thousands of confidential patent applications have been spilled online, exposing the addresses of many successful businesses.

The federal body in charge of granting patents and trademarks has acknowledged that a long-running data leak unintentionally exposed roughly 61,000 filers’ private addresses.

The data leak occurred between February 2020 to March 2023, and it happened because of an error in one of USPTO’s application programming interfaces (APIs). Reportedly more than 61,000, 3% of U.S. applicator addresses, were compromised due to this leak. The applications include information on all business concepts, from software to cosmetics to restaurant services.

Why did the USPTO ask for the U.S. trademark applicant’s address?

The USPTO requires trademark applicants to include a domicile address when they file for a trademark to avoid fraudulent applications. This is typically a residential address. U.S. law mandates that applicants have their private addresses when submitting a trademark application to combat fraudulent trademark filings.

What was the discrepancy that led to the leakage of the data?

The problem was found in one of its application programming interfaces (APIs), which gives apps used by agency employees and filers access to a system for looking up the status of pending and registered trademarks. (An API enables two online entities, such as an app and a server, to connect.)

Later, USPTO clarified that the address information was also included in bulk datasets made available online by the organization for economic and academic research use. As part of the USPTO’s attempts to secure the information that the public directly and often accesses, the organization made an effort to conceal the domicile addresses in 2020. However, in doing so, the organization needed to have identified some more complex exit points and correctly concealed the data transmitted from those locations.

The addresses were also inadvertently made public in sizable datasets that the USPTO posted online to support economic and intellectual research advancement. The USPTO’s technology team worked to isolate the problem, blocking access to all non-critical USPTO APIs and removing the affected bulk data products until a permanent solution could be put in place.

Unfortunately, the technical division of the USPTO did not identify some of the more complicated departure points or correctly mask the data transmitted from those sites. The USPTO assured the public that it would improve to prevent a repeat of the tragedy while retaining the power to crack down on the historical level of filing fraud that originated elsewhere.

USPTO said the situation was rectified on April 1 when concealed domicile addresses and API vulnerabilities were fixed. The notification stated that the agency has no grounds to suspect that the data has been misused. According to a press release, the USPTO had been investigating whether confidential information was breached due to the data leak. It is not clear who is responsible for the breach today, but authorities are looking into the matter.

Data leaks can happen anywhere; brand owners should be vigilant enough and should safeguard their intellectual property and confidential data. Businesses must take precautions to minimize the risks associated with data leaks. This includes ensuring that systems are properly configured and monitored and that employees know their responsibility to protect confidential information. The USPTO data leak serves as a reminder of the importance of security measures.


This data leak could have serious implications for affected filers. It is possible that their marks may have been taken advantage of by competitors or that their products might not be registered because their applications may not have been properly filed. You should contact an attorney if you are concerned about the effects of this data leak on your business. The incident shows how easily sensitive information can be compromised and shared without our knowledge or consent. We need to keep our personal information safe and confidential. Data leaks can have serious consequences for businesses and individuals. They can compromise personal information, damage relationships, and even lead to financial losses. The USPTO data leak is just one example of the risks of sharing sensitive information. Minimize the risk of exploiting your intellectual property by your competitors; contact the best professional available at Brealant for the best guidance. Get tech-led solutions for every aspect of intellectual property protection. Visit the website and learn more about the portfolio of services.

About the Author

You may also like these