Federal Reports

The objective of our evaluation was to assess USPTO’s actions in response to the exposure of domicile addresses to determine whether USPTO complied with federal and U.S. Department of Commerce (the Department) information technology (IT) security standards.We found that USPTO mishandled the required reporting and notification to the affected trademark filers after domicile addresses had been exposed for 3 years. We also found that USPTO leadership allowed domicile addresses to remain publicly accessible after they were aware of the exposure, risking unauthorized disclosures in violation of the Privacy Act. Additionally, USPTO did not report that additional sensitive PII was exposed during the incident or notify the affected filers that additional data had been exposed. Lastly, the Department’s Chief Privacy Officer (CPO) did not assist USPTO in responding to this incident because of a lapse in the Department reporting process. See appendix B for a timeline of the events discussed in our findings.USPTO’s exposure of trademark filer data may not only reduce public confidence, but also may have equipped bad actors with additional data that could be used to defraud trademark holders. Bad actors could aggregate the pieces of exposed data to convincingly create official-looking USPTO correspondence or impersonate a filer’s attorney. Despite these risks, USPTO leadership did not comply with federal, departmental, and USPTO incident response reporting requirements and knowingly allowed domicile addresses to remain publicly accessible during incident mitigation. USPTO must improve its efforts in safeguarding trademark filers’ personal data to rebuild public trust and honor trademark holders’ privacy.

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board's Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report which is available at the link below.

While the U.S. Postal Service is viewed by the American people as one of the most trusted government organizations, it has suffered a history of financial net losses dating back to 2007. The Postal Service sought to address these challenges through its 10-year strategic plan, Delivering for America (DFA); published in March 2021. The DFA plan calls for over $40 billion in capital investments and calculates projected savings through initiatives that include $24 billion in revenue improvements, $34 billion in management cost savings, $44 billion in regulatory changes, and $58 billion in legislative and administrative actions.

The report summarizes the PRAC’s work during the first half of Fiscal Year 2024 and updates Congress on our efforts to promote transparency and ensure coordinated oversight of more than $5 trillion in pandemic relief. It also highlights the success of the PRAC’s Pandemic Analytics Center of Excellence (PACE), demonstrating the value of the data analytics platform as a good-government initiative that should transition from fighting pandemic-related fraud to preventing and curbing waste in other government spending programs.

During a recent audit of VHA’s personnel suitability program, the VA OIG received a whistleblower complaint alleging that untrained human resources officials from Veterans Integrated Service Network 20 (VISN 20) were overturning pre screening determinations. The complaint included an example in which a candidate who was initially found unsuitable was subsequently advanced for hiring. The complainant later provided four additional examples of candidates initially found unsuitable for employment due to patterns of potentially disqualifying conduct, such as domestic violence and driving under the influence of alcohol. This memorandum outlines VISN 20’s pre-screening process, relevant requirements, and the OIG’s findings to raise VHA leaders’ awareness of risks associated with the inconsistent vetting process. The OIG team determined that VISN 20 human resources officials reversed an adjudicator’s unfavorable pre screening determination in two of the five instances described in the complainant’s documents, but these actions alone did not violate VA policy. The team confirmed that these officials did not complete required adjudicator training for staff reviewing suitability determinations. There were also inconsistencies in managing and monitoring the pre screening process. Lack of national guidance for the pre screening process allowed regional human resources offices to develop their own methods. Variations in approach, supervision, and accountability and the lack of a robust monitoring program can increase risks to VA and veterans. In its comments to the memorandum, VHA reported taking action to establish decision-making roles and improve the review process for suitability coordinators.