Exposure of 61,000 private addresses and one more email error

It looks like we will not run out of work! Here is our traditional report on recent data incidents.

This week we look at two incidents that have affected thousands of people by exposing their personal information.

US Patent and Trademark Office (USPTO) data leak exposed 61,000 private addresses of trademark applicants.

In February of 2023, the trademark office found that certain private domicile addresses, which were meant to be concealed from the public, were visible in records obtained through specific application programming interfaces (APIs) of the Trademark Status and Document Review system (TSDR). Data leakage took place over a 3-year period (2020 – 2023).

At the moment the USPTO claims that all consequences have been rectified. It had reported the exposure to the Department of Homeland Security and all affected parties. Also, the trademark office said that there is no reason to believe that the data has been misused.

The USPTO does not disclose other details of the incident. Although the information exposed is not critical, such large and prolonged incidents serve as a stark reminder of the need for robust cybersecurity measures in safeguarding to protect sensitive information.

Tokyo Institute of Technology accidentally attached a file, containing personal data of 10,000 currently enrolled students to an email sent on the regular-course students. 

 In it's Notice of apology, Tokyo Tech claims that leakage happened due to an error in the operation of the web system for students and faculty. The email in question was an announcement regarding the Career Consultation Session it contained personal information of approximately 10,000 currently enrolled Tokyo Tech students, including their names and email addresses. 

“To prevent secondary damage, the Institute is kindly asking all students who received the email to delete the relevant file. A consultation desk regarding the matter is also being set up. No secondary damage such as leakage or misuse of information outside Tokyo Tech has been confirmed at this time.” it said.

Such incidents show that email errors is still an issue. The incident with The University of Hertfordshire that we discussed earlier is a case in point. 

The good news is that we have already figured out the way to prevent such incidents! Learn how to manage insider threats and protect personal data with SearchInform Risk Monitor.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.