The U.S. Patent and Trademark Office (USPTO) has acknowledged inadvertently exposing private addresses of around 61,000 filers in a data spill that occurred over several years. The USPTO disclosed that the private domicile addresses, often home addresses, were unintentionally included in public records between February 2020 and March 2023.
U.S. law mandates the inclusion of private addresses in trademark applications to combat fraudulent filings. The issue was identified in one of USPTO’s APIs, affecting apps used by agency staff and filers to access a system for checking trademark status. The address data also appeared in bulk datasets published online for research purposes.
The USPTO took prompt action upon discovering the issue, blocking access to non-critical APIs and removing affected bulk data products until a permanent fix could be implemented. USPTO spokesperson Paul Fucito explained that domicile addresses were voluntarily masked in 2020, but some technical exit points were overlooked, resulting in data exposure. Fucito apologized for the mistake and assured efforts to prevent such incidents in the future while maintaining the ability to address filing fraud.
The data leak impacted approximately 3% of the total trademark applications filed during the three-year period. The incident was resolved on April 1, with domicile addresses masked, and API vulnerabilities corrected. The agency has found no evidence of data misuse.
