Subj : The US Patent and Trademark Office has been leaking user details To : All From : TechnologyDaily Date : Thu Jun 29 2023 16:15:03 The US Patent and Trademark Office has been leaking user details for several years Date: Thu, 29 Jun 2023 15:00:06 +0000 Description: A faulty API was leaking people's postal addresses, but there's no evidence any threat actors found the flaw. FULL STORY ====================================================================== The US Patent and Trademark Office (USPTO), the government agency that handles patent and trademark requests, has been operating a faulty application programming interface (API) which was leaking peoples postal addresses for several years. The organization has notified thousands of its filers about the mishap, explaining what had happened and what it did to remedy the issue. When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented, the body wrote in the notification sent out to the filers. Three years of leaks The API had been leaking data since 2020, until it was finally fixed in early April 2023, when the addresses were masked and the faulty API fixed. In a statement given to TechCrunch, USPTO spokesperson Paul Fucito explained that the postal addresses were mandatory for all filers as means of tackling fraudulent applications: As indicated in our notice to impacted filers, while domicile addresses are required under trademark law, we took the voluntary step of masking this information in 2020 as part of our efforts to secure the data that the public accesses directly and frequently, he said. Read more > Clop ransomware may have infected even more victims than previously thought > Saks Fifth Avenue becomes latest Clop ransomware victim > Check out the best malware removal tools right now We regrettably failed to locate some of the more technical exit points and properly mask the data exported from those points. We apologize for our mistake and will do better to prevent such an incident from happening again, while also preserving our ability to crack down on the historic amount of filing fraud were seeing originate overseas, Fucito concluded. In total, some 61,000 patent and trademark filers have had their physical addresses leaked online, representing roughly 3% of all the applications filed in the three-year period. USPTO believes no one found the flaw and claims theres no evidence of any misuse. These are the best endpoint protection tools right now Via: TechCrunch ====================================================================== Link to news story: https://www.techradar.com/pro/security/the-us-patent-and-trademark-office-has- been-leaking-user-details-for-several-years --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .