The federal government agency responsible for granting patents and trademarks has confirmed it inadvertently exposed about 61,000 filers’ private addresses in a years-long data spill.
The U.S. Patent and Trademark Office (USPTO) said in a notice sent to affected trademark applicants that their private domicile address — often their home address — inadvertently appeared in public records between February 2020 and March 2023.
U.S. law requires applicants to include their private address when submitting a trademark application in efforts to crack down on fraudulent trademark filings.
USPTO said the issue was discovered in one of its APIs, which allows apps used by both agency staff and filers to access a system for checking the status of pending and registered trademarks. (An API allows two things on the internet, such as an app and a server, to communicate with each other.)
USPTO said that the address data also appeared in bulk datasets that the agency publishes online to aid academic and economic research.
“When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented,” the notice read, which TechCrunch obtained from an affected filer.
When reached for comment, USPTO spokesperson Paul Fucito provided more details about the issue: “As indicated in our notice to impacted filers, while domicile addresses are required under trademark law, we took the voluntary step of masking this information in 2020 as part of our efforts to secure the data that the public accesses directly and frequently.”
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
“We regrettably failed to locate some of the more technical exit points and properly mask the data exported from those points. We apologize for our mistake and will do better to prevent such an incident from happening again, while also preserving our ability to crack down on the historic amount of filing fraud we’re seeing originate overseas,” the spokesperson added.
According to USPTO, the data leak affected about 3% of the total number of applications filed during the three-year period.
USPTO said the incident was resolved on April 1 when domicile addresses were masked and API vulnerabilities corrected.
The notice said that the agency has no reason to believe that the data has been misused.
