<div dir="ltr"><div>Oh, you missed your deadline by over two months? No problem!</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">  The Department’s breach notification plan states that bureaus and operating units
must notify individuals whose data was exposed within 30 days or as expeditiously as
practicable and without unreasonable delay. However, USPTO did not notify affected
trademark filers for more than 3 months (105 days) after discovery of the PII exposure
on February 24, 2023. </blockquote><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:small">Who could possibly know about editing the URL to access information? Oh... everybody? Well, it is against the ToS! I'm sure it's fine!</div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">  USPTO leadership
repeatedly stated that access to domicile addresses through URL manipulation would
violate the system’s user agreement. However, the user agreement did not absolve USPTO
of its responsibility to protect domicile addresses from unauthorized access through URL
manipulation, a basic and well-known technique used by bad actors  </blockquote><div style="font-size:small">Oh, and we also disclosed other stuff like attorney information, lol! Yes, we promised to keep that masked... Sorry, did we not tell you about that? </div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">  In addition to domicile addresses, other data including attorney information, email
addresses, and Internet Protocol (IP) addresses were also exposed during this 3-year
period. USPTO’s Trademarks Organization did not calculate the number of filers affected by
the exposure of this additional data nor did the office consider this number when
addressing the incident.  </blockquote><div style="font-size:small">Oh, and we did it again! Lmao, we're so much fun!</div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">  On April 19, 2024, after the conclusion of our evaluation, USPTO discovered that
14,359 domicile addresses that should have been hidden from public view were
inadvertently exposed during the transition to a new IT system. Also exposed during this
incident was the bar information of 16,548 attorneys and the email addresses of 33,501
trademark owners. USPTO concluded that this data was exposed between August 23, 2023,
and April 19, 2024.  </blockquote><div style="font-size:small"><br></div><div style="font-size:small">Tim Ackermann</div><div style="font-size:small">The Ackermann Law Firm</div><p><font face="verdana, sans-serif" size="1"><span style="background-image:initial;background-position:initial;background-repeat:initial">E:  <a href="mailto:tim@ackermannlaw.com" target="_blank">tim@ackermannlaw.com</a></span><br><span style="background-image:initial;background-position:initial;background-repeat:initial">P:  817.305.0690</span><br>
<span style="background-image:initial;background-position:initial;background-repeat:initial">F:  214.453.0810</span><br>
<span style="background-image:initial;background-position:initial;background-repeat:initial">W: <a href="http://ackermannlaw.com" target="_blank">ackermannlaw.com</a></span><br>
<span style="background-image:initial;background-position:initial;background-repeat:initial">O: 1701 W. Northwest Hwy. Ste. 100</span><br>
<span style="background-image:initial;background-position:initial;background-repeat:initial">     Grapevine TX 76051</span></font></p></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jun 28, 2024 at 10:43 AM Pamela Chestek via E-trademarks <<a href="mailto:e-trademarks@oppedahl-lists.com">e-trademarks@oppedahl-lists.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I just learned of this report:<br>
<br>
"We found that USPTO mishandled the required reporting and notification <br>
to the affected trademark filers after domicile addresses had been <br>
exposed for 3 years. We also found that USPTO leadership allowed <br>
domicile addresses to remain publicly accessible after they were aware <br>
of the exposure, risking unauthorized disclosures in violation of the <br>
Privacy Act. Additionally, USPTO did not report that additional <br>
sensitive PII was exposed during the incident or notify the affected <br>
filers that additional data had been exposed."<br>
<br>
<a href="https://www.oversight.gov/report/DOC/3-Year-Exposure-Privacy-Act-Protected-Data-Revealed-USPTO-Mismanagement-Safeguarding" rel="noreferrer" target="_blank">https://www.oversight.gov/report/DOC/3-Year-Exposure-Privacy-Act-Protected-Data-Revealed-USPTO-Mismanagement-Safeguarding</a><br>
<br>
Pam<br>
<br>
Pamela S. Chestek<br>
Chestek Legal<br>
300 Fayetteville Street<br>
Unit 2492<br>
Raleigh, NC 27602<br>
<a href="mailto:pamela@chesteklegal.com" target="_blank">pamela@chesteklegal.com</a><br>
(919) 800-8033<br>
<a href="http://www.chesteklegal.com" rel="noreferrer" target="_blank">www.chesteklegal.com</a><br>
<br>
-- <br>
E-trademarks mailing list<br>
<a href="mailto:E-trademarks@oppedahl-lists.com" target="_blank">E-trademarks@oppedahl-lists.com</a><br>
<a href="http://oppedahl-lists.com/mailman/listinfo/e-trademarks_oppedahl-lists.com" rel="noreferrer" target="_blank">http://oppedahl-lists.com/mailman/listinfo/e-trademarks_oppedahl-lists.com</a><br>
</blockquote></div>