The US Patent and Trademark Office has been leaking user details for several years

A faulty API was leaking people’s postal addresses

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The US Patent and Trademark Office (USPTO), the government agency that handles patent and trademark requests, has been operating a faulty application programming interface (API) which was leaking people’s postal addresses for several years.

The organization has notified thousands of its filers about the mishap, explaining what had happened and what it did to remedy the issue.

“When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulkdataproducts until a permanent fix could be implemented,” the body wrote in the notification sent out to the filers.

Three years of leaks

The API had been leaking data since 2020, until it was finally fixed in early April 2023, when the addresses were masked and the faulty API fixed.

In a statement given to TechCrunch, USPTO spokesperson Paul Fucito explained that the postal addresses were mandatory for all filers as means of tackling fraudulent applications:

“As indicated in our notice to impacted filers, while domicile addresses are required under trademark law, we took the voluntary step of masking this information in 2020 as part of our efforts to secure the data that the public accesses directly and frequently,” he said.

Clop ransomware may have infected even more victims than previously thought>Saks Fifth Avenue becomes latest Clop ransomware victim>Check out the best malware removal tools right now

“We regrettably failed to locate some of the more technical exit points and properly mask the data exported from those points. We apologize for our mistake and will do better to prevent such an incident from happening again, while also preserving our ability to crack down on the historic amount of filing fraud we’re seeing originate overseas,” Fucito concluded.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In total, some 61,000 patent and trademark filers have had their physical addresses leaked online, representing roughly 3% of all the applications filed in the three-year period.

USPTO believes no one found the flaw and claims there’s no evidence of any misuse.

Via:TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time