[E-trademarks] Notice of Data Security Incident

Tim Ackermann tim at ackermannlaw.com
Fri Jun 7 13:09:46 EDT 2024 

I did ask the USPTO office about this. For the sake of completeness, I am
pasting in below my inquiries to the USPTO, along with its responses
seeking to justify its violation of the rules.
Tim Ackermann
The Ackermann Law Firm
*Inquiry 1:*
 This is a result of the recent "data security incident that impacted
domicile information in certain trademark application data made available
between August 23, 2023, and April 19, 2024". The USPTO email I got is
below.
 I have seen an email that tells me that, at the same time I was notified
by the USPTO, it also notified one of my clients directly (well, at least
one). The USPTO notified my client by using the email that it has demanded
clients include in the applicant information. That's the only way it had
that email and had it tied to the relevant applications. What I do not
understand is why the USPTO is violating its own rules to do so?
 This notice concerned a pending application. The USPTO notification email
should ONLY have come to me. I am counsel of record; I filed the
application and thus am 'recognized' under R. 2.17(b). I am the only
correspondent and the correspondence emails only come to me. The USPTO
should not have contacted the client directly, because the USPTO is
required by Rule 2.18 to "only" correspond with that recognized attorney,
except under circumstances that do not apply (e.g. recognition is improper
or has ended).
 Can you please explain this violation of the Regulations?
*Response 1:*

Thank you for your question. Section 2.18 of our rules of practice concerns
an application or registration proceeding and does not apply to notices
like the data security incident notice. We determined that sending the
notice to the owner addresses is the best way to ensure the notice is
received by the affected parties.
*Inquiry 2:*
Where, in a statute or regulation, does the USPTO get the authority to
exclude correspondence from the USPTO to applicants from the
requirements imposed by the Federal Regulations?Rule 2.18 merely concerns
"correspondence" -- it does not limit itself to the legal proceeding itself
nor is it limited to "actions" by the USPTO. It says nothing about
excluding "incident notices" or other correspondence the USPTO might prefer
to exempt from the Rule. Moreover, this position is inconsistent with the
USPTO's statement in 2019 when it changed the rules to require email
addresses. It said:

> The USPTO does not undertake double correspondence with both the applicant
> or registrant and the attorney of record. Accordingly, if an applicant or
> registrant is represented by an attorney, the USPTO corresponds and
> conducts business only with the attorney. [
> https://www.federalregister.gov/
> <https://www.federalregister.gov/documents/2019/07/31/2019-16259/changes-to-the-trademark-rules-of-practice-to-mandate-electronic-filing> at
> 37088]

*Response 2:*
It is not in conflict with our rules, nor is it unusual, for the USPTO to
communicate directly with customers on matters that are outside the
representation of their legal counsel. For instance, a customer who is
represented by an attorney may communicate directly with the USPTO about
administrative matters pertaining to that customer, such as details
concerning their USPTO.gov account, stored fee payment information, and
other matters related to the management of their personal information in
USPTO systems. They also may communicate directly with the FOIA Office
about filing a FOIA request or the Office of Enrollment and Discipline
about filing a grievance. Because this is closely connected to the
management of their personal information in USPTO systems, and has no
bearing on the prosecution of the application or registration, this falls
within the ambit of the Office’s authority to communicate directly with
customers on these types of issues regardless of representation. This is
supported by the fact that the communication comes from the CIO, and not
the Commissioner for Trademarks.

E:  tim at ackermannlaw.com
P:  817.305.0690
F:  214.453.0810
W: ackermannlaw.com
O: 1701 W. Northwest Hwy. Ste. 100
     Grapevine TX 76051


On Mon, May 13, 2024 at 10:23 AM Kevin Grierson <kgrierson at cm.law> wrote:

> You’re not missing anything.  The PTO is behaving like a rogue agency that
> doesn’t need to follow its own rules (or the APA, for that matter), because
> the courts have been unwilling to hold it accountable in that regard.
>
>
>
> *Kevin Grierson*
>
> [image: Mobile:]
>
>   757-726-7799
>
> [image: Fax:]
>
>   866-521-5663
>
> [image: Email:]
>
>   kgrierson at cm.law
>
>
>
> *From:* E-trademarks <e-trademarks-bounces at oppedahl-lists.com> *On Behalf
> Of *Tim Ackermann via E-trademarks
> *Sent:* Monday, May 13, 2024 10:52 AM
> *To:* Carl Oppedahl <e-trademarks at oppedahl-lists.com>
> *Cc:* Tim Ackermann <tim at ackermannlaw.com>
> *Subject:* Re: [E-trademarks] Notice of Data Security Incident
>
>
>
> EXTERNAL EMAIL
>
> And... it gets worse.
>
>  At the same time the USPTO notified me, it also notified (at least) one
> of my clients. This was a client whose required chosen email address is one
> that goes to them.
>
> I, of course, have no idea my client got this information (until asked
> about it).
>
>  This is a pending application. Why would a client have received any
> communication from the USPTO on this? I am counsel of record; I filed the
> application and thus am 'recognized' under R. 2.17(b). I am the only
> correspondent. The USPTO should not have contacted the client
> directly, because the USPTO is required by Rule 2.18 to "only" correspond
> with that attorney except under circumstances that do not apply (e.g.
> recognition is improper or has ended).
>
>  Or am I missing something here?
>
>  Sincerely,
>
> Tim Ackermann
>
> The Ackermann Law Firm
>
> E:  tim at ackermannlaw.com
> P:  817.305.0690
> F:  214.453.0810
> W: ackermannlaw.com
> O: 1701 W. Northwest Hwy. Ste. 100
>      Grapevine TX 76051
>
>
>
>
>
> On Tue, May 7, 2024 at 1:30 PM Tim Ackermann <tim at ackermannlaw.com> wrote:
>
> FYI - the Office disclosed domicile information (again, I think). Then it
> says this:
>
> You are receiving this notice because your email address is listed as the
> contact for the trademark owner in at least one of these
> applications. There is no action you need to take with the United States
> Patent and Trademark Office (USPTO), but in the interest of full
> transparency, we are bringing this matter to your attention.
>
>  "Full transparency" evidently does not include telling me WHOSE domicile
> information the Office failed to protect.
>
> Tim
>
> Tim Ackermann
>
> The Ackermann Law Firm
>
> E:  tim at ackermannlaw.com
> P:  817.305.0690
> F:  214.453.0810
> W: ackermannlaw.com
> O: 1701 W. Northwest Hwy. Ste. 100
>      Grapevine TX 76051
>
>
>
> ---------- Forwarded message ---------
> From: *U.S. Patent and Trademark Office* <
> subscriptioncenter at subscriptions.uspto.gov>
> Date: Tue, May 7, 2024 at 1:16 PM
> Subject: Notice of Data Security Incident
> To:
>
>
>
> Having trouble viewing this email? View it as a Web page
> <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vY29udGVudC5nb3ZkZWxpdmVyeS5jb20vYWNjb3VudHMvVVNQVE8vYnVsbGV0aW5zLzM5YjAxZDUiLCJidWxsZXRpbl9pZCI6IjIwMjQwNTA3Ljk0NDQ0NTQxIn0.lPX5Tcez0j8ETMY8H5biSOPbRU22zmq98an3_yHu_zQ/s/3003983680/br/242027980700-l>
> .
>
>
> USPTO Alert
>
> [image: US Patent and Trademark Office]
> Notice of Data Security Incident
>
> Dear valued customer,
>
> We recently identified a data security incident that impacted domicile
> information in certain trademark application data made available between
> August 23, 2023, and April 19, 2024. You are receiving this notice because
> your email address is listed as the contact for the trademark owner in at
> least one of these applications.
>
> There is no action you need to take with the United States Patent and
> Trademark Office (USPTO), but in the interest of full transparency, we are
> bringing this matter to your attention.
> What happened and what information was involved?
>
> U.S. trademark law requires applicants to include their domicile addresses
> in trademark applications. This helps us determine if applicants are
> required to hire a U.S.-licensed attorney to represent them before our
> agency (called the U.S. counsel rule
> <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LnVzcHRvLmdvdi90cmFkZW1hcmtzL2xhd3MvdHJhZGVtYXJrLXJ1bGUtcmVxdWlyZXMtZm9yZWlnbi1hcHBsaWNhbnRzLWFuZC1yZWdpc3RyYW50cy1oYXZlLXVzP3V0bV9jYW1wYWlnbj1zdWJzY3JpcHRpb25jZW50ZXImdXRtX2NvbnRlbnQ9JnV0bV9tZWRpdW09ZW1haWwmdXRtX25hbWU9JnV0bV9zb3VyY2U9Z292ZGVsaXZlcnkmdXRtX3Rlcm09IiwiYnVsbGV0aW5faWQiOiIyMDI0MDUwNy45NDQ0NDU0MSJ9.58SI_D6d9vFd-QBeOLn3g5kVWrR0AzgNl590e31YpOU/s/3003983680/br/242027980700-l>).
> The U.S. counsel rule is an important tool in combatting fraudulent
> trademark filing activity.
>
> On April 19, 2024, we discovered there were domicile addresses that should
> have been hidden from public view but which were inadvertently exposed as
> we transitioned to a new IT system. These addresses appeared in records
> that could have been retrieved through a bulk data set on our website. This
> data set is typically used in academic and economic research.
>
> At no point were the impacted domicile addresses visible when users
> searched trademark records through our search system or our trademark
> documents database.
>
> Importantly, this incident was not the result of malicious activity, and
> we have no reason to believe that your domicile information has been
> misused. Nevertheless, we take all data security concerns seriously, and
> we’ve implemented corrective measures.
> How we addressed the issue
>
> When we discovered the issue, we blocked access to the impacted bulk data
> set, removed files, implemented a patch to fix the exposure, tested our
> solution, and re-enabled access.
> Moving forward
>
> We’re committed to data security and are taking steps to prevent incidents
> like this from happening in the future. We sincerely regret this error and
> are updating our process for creating and publishing bulk data files.
> Additional testing, spot checks, and process improvements will help us
> ensure domicile addresses in the bulk data are properly masked going
> forward.
> For more information
>
> We will not send additional notices or communications regarding this
> incident. If you’re contacted about the incident by anyone you believe is
> impersonating the USPTO, or if you have any questions or concerns, please
> contact TMdomicile at uspto.gov.
>
> Sincerely,
>
> [image: Jamie Holcombe pen signature]
>
> Henry “Jamie” Holcombe
> Chief Information Officer
> U.S. Patent and Trademark Office
>
>
>
> [image: facebook]
> <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDIsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHA6Ly93d3cuZmFjZWJvb2suY29tL3VzcHRvLmdvdj91dG1fY2FtcGFpZ249c3Vic2NyaXB0aW9uY2VudGVyJnV0bV9jb250ZW50PSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9uYW1lPSZ1dG1fc291cmNlPWdvdmRlbGl2ZXJ5JnV0bV90ZXJtPSIsImJ1bGxldGluX2lkIjoiMjAyNDA1MDcuOTQ0NDQ1NDEifQ.XNHMMh_PRLuqxu4WDt6abKVxvB0Y05R2xgTFmKhxrTs/s/3003983680/br/242027980700-l>[image:
> twitter]
> <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDMsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHA6Ly90d2l0dGVyLmNvbS91c3B0bz91dG1fY2FtcGFpZ249c3Vic2NyaXB0aW9uY2VudGVyJnV0bV9jb250ZW50PSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9uYW1lPSZ1dG1fc291cmNlPWdvdmRlbGl2ZXJ5JnV0bV90ZXJtPSIsImJ1bGxldGluX2lkIjoiMjAyNDA1MDcuOTQ0NDQ1NDEifQ.8xnrJivZ5gYD2pe41mzkdfrDjx5r5BuN7wwSxeNJ0TE/s/3003983680/br/242027980700-l>[image:
> youtube]
> <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDQsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHA6Ly95b3V0dWJlLmNvbS91c3B0b3ZpZGVvP3V0bV9jYW1wYWlnbj1zdWJzY3JpcHRpb25jZW50ZXImdXRtX2NvbnRlbnQ9JnV0bV9tZWRpdW09ZW1haWwmdXRtX25hbWU9JnV0bV9zb3VyY2U9Z292ZGVsaXZlcnkmdXRtX3Rlcm09IiwiYnVsbGV0aW5faWQiOiIyMDI0MDUwNy45NDQ0NDU0MSJ9.nYd173DaXNm2ZTY_fIadFxYExpKyrqMoll75ETe6Ncs/s/3003983680/br/242027980700-l>[image:
> linkedin]
> <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDUsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHA6Ly9saW5rZWRpbi5jb20vY29tcGFueS91c3B0bz91dG1fY2FtcGFpZ249c3Vic2NyaXB0aW9uY2VudGVyJnV0bV9jb250ZW50PSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9uYW1lPSZ1dG1fc291cmNlPWdvdmRlbGl2ZXJ5JnV0bV90ZXJtPSIsImJ1bGxldGluX2lkIjoiMjAyNDA1MDcuOTQ0NDQ1NDEifQ.9ufhPNBERUM1ffDg07FtURDAXkaS7NTOY-v_C4NbRtI/s/3003983680/br/242027980700-l>
>
>
>
> Stay connected with the USPTO by subscribing to regular email updates.
>
> Visit our subscription center at www.uspto.gov/subscribe
> <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDYsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHA6Ly93d3cudXNwdG8uZ292L3N1YnNjcmliZT91dG1fY2FtcGFpZ249c3Vic2NyaXB0aW9uY2VudGVyJnV0bV9jb250ZW50PSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9uYW1lPSZ1dG1fc291cmNlPWdvdmRlbGl2ZXJ5JnV0bV90ZXJtPSIsImJ1bGxldGluX2lkIjoiMjAyNDA1MDcuOTQ0NDQ1NDEifQ.qSOyZLi9kZhTEJMAQENPl3O2euEPLiSH_skpzPIj6tY/s/3003983680/br/242027980700-l>
> to update or change your email preferences.
>
> This email was sent from an unmonitored mailbox. To contact us, please
> visit our website www.uspto.gov/about/contacts
> <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDcsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHA6Ly93d3cudXNwdG8uZ292L2Fib3V0L2NvbnRhY3RzP3V0bV9jYW1wYWlnbj1zdWJzY3JpcHRpb25jZW50ZXImdXRtX2NvbnRlbnQ9JnV0bV9tZWRpdW09ZW1haWwmdXRtX25hbWU9JnV0bV9zb3VyY2U9Z292ZGVsaXZlcnkmdXRtX3Rlcm09IiwiYnVsbGV0aW5faWQiOiIyMDI0MDUwNy45NDQ0NDU0MSJ9.cC5kwKEVLP1DW7wH5DWL3B5a7K7JFyPRCkVcXsheQyQ/s/3003983680/br/242027980700-l>.
> To ensure that you continue to receive our news and notices, please modify
> your email filters to allow mail from
> subscriptioncenter at subscriptions.uspto.gov.
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://oppedahl-lists.com/pipermail/e-trademarks_oppedahl-lists.com/attachments/20240607/920692a1/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3100 bytes
Desc: not available
URL: <http://oppedahl-lists.com/pipermail/e-trademarks_oppedahl-lists.com/attachments/20240607/920692a1/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 285 bytes
Desc: not available
URL: <http://oppedahl-lists.com/pipermail/e-trademarks_oppedahl-lists.com/attachments/20240607/920692a1/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 452 bytes
Desc: not available
URL: <http://oppedahl-lists.com/pipermail/e-trademarks_oppedahl-lists.com/attachments/20240607/920692a1/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 394 bytes
Desc: not available
URL: <http://oppedahl-lists.com/pipermail/e-trademarks_oppedahl-lists.com/attachments/20240607/920692a1/attachment-0003.png>

More information about the E-trademarks mailing list