[Patentpractice] Interesting notice from USPTO re data breach

David Boundy DavidBoundyEsq at gmail.com
Wed May 1 13:10:06 UTC 2024 

*Question 1.*   The data breach re "where you sleep at night" was just
under a year ago.   Are there others?   Can we come up with ohters so we
can write a letter to Vidal and the Inspector General complaining of a
*pattern* instead of a single instance?

*Question 2.*  Here's a draft letter -- any refinements?

Dear [client]:

The attached letter from the U.S. Patent Office explains a data breach into
the Patent Office's computer systems.  Our conclusion is that the risk is
minimal, and nothing can be done.

Because of a bug in the PTO's software, the serial numbers and titles of
patent applications that should have been maintained confidential may have
been exposed to unauthorized third parties.   This is not the typical kind
of data breach involving an external attacker; this is a programming bug in
which the Patent Office mis-set the switches to protect data that should
have been protected.  As the Patent Office describes it, the breach is
likely small – it would only have occurred when a third party made
a database query that would have included your patent application, and the
data exposed would only have been the serial number and title of the patent
application, not the remainder of the content.  The Patent Office's access
logging does not record who looked at what when, so there is no way to know
whether any of your applications are among those exposed, and if so, to
whom.

The Patent Office's letter explains that the breach was open from February
5 to March 29.  The letter explains that the Patent Office's testing did
not detect or confirm the error until March 28, and the breach was closed
March 29.  The letter explains that the Patent Office is "committed to data
security" but this is the second such data breach in the last year.

The only likely situation in which we could see genuine harm is where the
title reveals the invention, for example, where the title names a specific
compound and its treatment indication.  If you believe there could be harm
in revealing the title of any of your specific patent applications, the PTO
offers that "the USPTO will assist applicants by confirming that the the
disclosure was erroneous and inadvertent."

On Sun, Apr 28, 2024 at 5:40 AM Dan Feigelson via Patentpractice <
> patentpractice at oppedahl-lists.com> wrote:
>
>> I got the following in one of my cases. Supposedly posted yesterday
>> (Saturday, April 27)
>>
>> *Notice of Potential Erroneous Release of Patent Application Titles*
>>
>> On February 5, 2024, the United States Patent and Trademark Office
>> (USPTO), replaced the Electronic Patent Assignment System (EPAS) and
>> Electronic Trademark Assignment System (ETAS) with Assignment Center.
>>
>> Between February 5, 2024 and March 29, 2024, the USPTO, unintentionally,
>> through a computer programming error, permitted bibliographic information
>> to be viewed by unauthorized individuals with access to registered
>> Assignment Center accounts. This bibliographic information was limited to
>> the application number (the two-digit series code plus the six-digit serial
>> number) and title of the invention.
>>
>> You are receiving this notification because your application ’spatent
>> title may have been viewed during that time frame by individual(s) who
>> lacked permission to do so . The software error was first reproduced by
>> USPTO on March 28, 2024, and was corrected on March 29, 2024. Only
>> application numbers and titles were disclosed; it is important to note that
>> your specification and claims were not part of the information made
>> available and were not accessed.
>>
>> Any improper access of the application information between the dates of
>> February 5, 2024 and March 29, 2024, is not considered a publication of
>> such applications under 35 U.S.C. 122(b). No rights in United States
>> patents are threatened by the access to unpublished applications. It is
>> extremely unlikely that the title could disclose the invention in a way
>> that would constitute patent- defeating prior art in any jurisdiction. To
>> the extent any issue is raised, the USPTO will assist applicants by
>> confirming that the disclosure was erroneous and inadvertent.
>>
>> We’re committed to data security and are taking enhanced steps to prevent
>> incidents such as this from happening in the future. The USPTO sincerely
>> regrets this error and is instituting more testing controls, both manual
>> and automated testing, to prevent similar processing errors in the future.
>>
>> Inquiries regarding this matter may be directed to Mark Polutta, Senior
>> Legal Advisor, at (571) 272-7709 or Andrew Stclair, Legal Advisor, at (571)
>> 270-0238, both of the Office of Patent Legal Administration or via email
>> addressed to ugPto.gov.
>>
>> Henry “Jamie” Holcombe
>> Chief Information Officer
>> US Patent and Trademark Office
>> Office +1 (571)272-9400
>>
>> Dated: April 27 th , 2024
>>
>> --
>> Patentpractice mailing list
>> Patentpractice at oppedahl-lists.com
>>
>> http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com
>>
>
>
> --
>
>
> <https://www.iam-media.com/strategy300/individuals/david-boundy>
>
> *David Boundy *| Partner | Potomac Law Group, PLLC
>
> P.O. Box 590638, Newton, MA  02459
>
> Tel (646) 472-9737 | Fax: (202) 318-7707
>
> *dboundy at potomaclaw.com <dboundy at potomaclaw.com>* | *www.potomaclaw.com
> <http://www.potomaclaw.com>*
>
> Articles at http://ssrn.com/author=2936470
> <http://ssrn.com/author=2936470>
> <https://www.keynect.us/requestCardAccess/USA500DBOUN?>
>
> Click here to add me to your contacts.
> <https://www.keynect.us/requestCardAccess/USA500DBOUN?>
>
>

-- 


<https://www.iam-media.com/strategy300/individuals/david-boundy>

*David Boundy *| Partner | Potomac Law Group, PLLC

P.O. Box 590638, Newton, MA  02459

Tel (646) 472-9737 | Fax: (202) 318-7707

*dboundy at potomaclaw.com <dboundy at potomaclaw.com>* | *www.potomaclaw.com
<http://www.potomaclaw.com>*

Articles at http://ssrn.com/author=2936470 <http://ssrn.com/author=2936470>
<https://www.keynect.us/requestCardAccess/USA500DBOUN?>

Click here to add me to your contacts.
<https://www.keynect.us/requestCardAccess/USA500DBOUN?>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://oppedahl-lists.com/pipermail/patentpractice_oppedahl-lists.com/attachments/20240501/ef4ef0ac/attachment.html>

More information about the Patentpractice mailing list