The United States Patent and Trademark Office (USPTO) recently issued a notice that a data security incident exposed domicile addresses of numerous trademark applicants who filed applications between February 2020 and March 2023. A copy of the first page of the notice is below:
The USPTO stated that the incident occurred when a vulnerability in its API (Application Programming Interface) allowed unauthorized access to the trademark applicants’ domicile addresses. The vulnerability has since been fixed, but the USPTO has acknowledged that unauthorized individuals may have obtained the applicants’ domicile addresses.
Surprisingly, the USPTO notified only trademark applicants—and not their prosecution counsel—who may have been affected by the incident. This means that trademark attorneys may not be aware that their clients have been affected by the data breach. If you received a notice from the USPTO about the data breach and you hired a trademark attorney to handle your trademark application, you may want to notify your legal counsel of the notice and seek further advice.
The data breach incident is concerning because it raises questions about the security of personal information held by the USPTO. The USPTO has maintained that if trademark applicants hired a trademark attorney to file their trademark applications, then their personal information, such as email and domicile addresses, would be hidden from all publicly accessible records. However, the recent incident demonstrates that this is not the case.
Furthermore, trademark scams are on the rise. If a trademark scammer has access to your home address, they may mail letters to trademark owners that appear to come from the USPTO, requesting a payment or other personal information. If you receive such a letter, you may want to notify your legal counsel.
While the USPTO is working to improve the security of its systems and data, it is imperative that trademark applicants be aware of the risks of this data breach and take steps to protect their personal information.
The following are example steps that trademark applicants can take to protect their personal information and intellectual property rights:
- Contact your trademark attorney immediately. If you do not have trademark counsel and you have received a “Notice of Data Security Incident” from the USPTO, please reach out to one of our trademark or intellectual property attorneys.
- Never give out your personal information, such as your Social Security number or credit card number, over the phone or in an email.
- Be wary of any unsolicited mail, emails, or phone calls from scammers purporting to be from the USPTO or another trademark-related organization. Contact your trademark attorney to verify any communication from an unknown party.
The following are some specific examples of trademark-related scams to watch out for:
- Phishing Scams: Phishing scams often occur by email form and appear to be from the USPTO or another trademark-related organization. They often ask you to click on a link or provide some personal information.
- Imposter Scams: Imposter scams occur by mail, emails, or phone calls. Scammers pose as trademark attorneys or other legal professionals and attempt to trick you into paying them for services that you do not need.
- Trademark Infringement Scams: These scammers send you mail or emails claiming that you have infringed on someone’s trademark, and they demand that you pay a fee.
- You may voice your concerns or file a complaint with the USPTO’s Office of General Counsel, the Federal Trade Commission (FTC), or other government agencies. For example, you can file a complaint with the FTC online at ftc.gov/complaint or report scams at ReportFraud.ftc.gov. You can also submit comments or complaints to the USPTO via email at TMFeedback@uspto.gov.
If you have specific questions concerning the USPTO’s “Notice of Data Security Incident” or suspect you have been subject to a trademark scam, please reach out to one of our trademark attorneys.
Dickinson Wright’s attorneys have considerable experience in assisting companies and individuals in protecting their intellectual property rights before the United States Patent and Trademark Office. The firm is committed to helping clients navigate this unprecedented time, and we are available to provide any assistance that may be required.
About the Authors:
Caleb Green is an Associate in the Las Vegas office, focusing his practice on intellectual property, government affairs, immigration, and cyber-security and data protection matters. He can be reached at CGreen@dickinsonwright.com or 702-550-4417, and his biography can be viewed here.
Andrea L. Arndt is a Member in Dickinson Wright’s Austin office, where she focuses her practice on patent prosecution. She can be reached at 248-433-7677 or AArndt@dickinsonwright.com, and her biography can be accessed here.