The Hungarian Intellectual Property Office (HIPO) has recently disclosed that parts of its IT systems were breached (namely the E-Register application, the electronic register of Hungarian industrial property applications) as a result of which several unpublished patent documents may have been acquired by an unauthorized person.
The HIPO maintains various electronic registers, including IP-Search, E-Dossier and E-Register which also permits the download of the electronic copy of submitted documents. HIPO has recently enabled direct links from its intellectual property search service (for ESPACENET search results), however, unintentionally the contents of E-Register was also accessible via tampering these direct links. It seems that the attacker has tampered with the URL in his / her browser and gained access to non-public documents of the E-Register, including recently filed patent applications still within the publication grace period of 18 months.
According to the investigation of the HIPO, the IP address of the attacker has been logged and it is believed that the tampering with the IT systems of HIPO relate to the same Hungarian computer maintained by a Hungarian patent law firm and allegedly using a crawler for unauthorized access and download of the unpublished patent applications. The HIPO has filed a prosecution to the police based on computer fraud and notified the information security agency, moreover, the Hungarian Chamber of Patent Attorneys has also introduced disciplinary action in order to clarify the circumstances of the case.
The HIPO will notify the owners of the subject patent applications who may be affected by the security breach. Although the method of the breach was not sophisticated, a preliminary penetration test of the publicly available system that process and store data with such high business and economic significance could have identified and addressed these vulnerabilities. The President of HIPO has promised to take the neccessary steps and introduce appropriate security measures to prevent similar data breaches in the future.
The related press releases of HIPO are available in English under the following links: