Out-Law News 1 min. read

ICANN admits to data breach in publishing 'postal addresses' of new domain applicant contacts


ICANN accidentally posted some personal details of applicants for new generic top level domains (gTLDs) on its website, the organisation has admitted. 

ICANN (Internet Corporation for Assigned Names and Numbers) temporarily removed the "public portions of the new gTLD applications" from its website on Thursday after discovering that the "postal addresses" of some of the applicant contacts had been mistakenly made public.

ICANN, which is the body that oversees the identification of websites, later re-published details of the applications with the postal addresses deleted.

"The public portions of the new gTLD applications have been restored to the ICANN website," the organisation said in a statement on its website. "As we announced earlier, postal addresses of some primary and secondary contacts for gTLD applications were published as part of the application details. The information in these fields was not intended for publication."

"We temporarily disabled viewing of the application details. We removed the unintended information and restored this functionality. We apologize for this oversight," it added.

Last summer directors at ICANN voted to increase the number of gTLDs from the current number of 22. Top level domains are the suffixes to addresses and include familiar address endings such as .com, .org and .net. The first round of applications for the new gTLDs opened in January and closed last month. On Wednesday it published the full list of potential new gTLDs that have been applied for in its first round of applications.

There are 1930 applications, many from individual organisations or trade bodies, including Apple, Google and Microsoft. The list of domains applied for includes .bbc, .bank, .google and .london, with many firms competing for ownership of single domains.

Earlier this week trade mark law expert Gillian Anderson of Pinsent Masons, the law firm behind Out-Law.com, said that the new gTLDs pose risks to business brands but that businesses may not be able to account for the threat of 'cybersquatting' until new domains are actually approved. Cybersquatting occurs when people buy domain names with the purpose of selling them on to trade mark owners for a profit.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.