Breach, Data Security

ICANN removes domain applicants’ details from website

The Internet Corp. for Assigned Names and Numbers (ICANN), the nonprofit responsible for managing IP address spaces, has apologized for inadvertently publishing full contact information of those who applied for a generic top-level (gTLD) domain earlier this week.

ICANN publicly revealed the list of nearly 2,000 proposed top-level domains and the names of the applicants as part of a splashy event on Wednesday in London. It published the applications on its website, but forgot to redact personal contact data, even though it had promised to do so in the applicant guidebook. Details such as home addresses for the application's primary and secondary contacts were accidentally exposed.

Last summer, ICANN voted to expand gTLDs to allow custom domain suffixes and began accepting applications earlier this year. The current system has 21 gTLDs, including .com, .net, and .org, and country-specific suffixes. The expanded system would support TLDs using other scripts, such as Cyrillic and Chinese, and generic words, such as .shop and .bank. Applicants paid a $185,000 fee and filled out a comprehensive application as part of the bid process.

"The information in these fields was not intended for publication," ICANN said in a statement, adding, "We apologize for this oversight."

ICANN received 1,930 bids from more than 1,100 organizations, including big brands such as Google, Canon, and Amazon, but also groups such as the AARP and Better Business Bureau. The bids came from around the world, although the bulk of the applicants were based in the North America.

After ICANN realized that contact information was available to anyone viewing the public section of its gTLD site, it temporarily disabled that section of the site to remove the information. Access was restored late Thursday.

"The public portions of the new gTLD applications have been restored to the ICANN website," the group said in its statement, announcing that the "unintended information" had been removed.

This is the second privacy misstep for ICANN in its gTLD application process. The submission system for the new gTLDs went live in March, but was offline for about six weeks due to a software glitch that allowed applicants to view the usernames of other applicants and associated filenames.

"ICANN's review of the technical glitch that resulted in the TLD application system being taken offline indicates that the issue stems from a problem in the way the system handled interrupted deletions of file attachments," ICANN said in a statement at the time. The downtime forced it to extend the original deadline of April 12 to May 30.

Some industry observers are the new TLDs will generate consumer confusion and increased cyber squatting, by which scammers buy up domains with the intention of selling them for a profit or creating fraudulent sites, such as to engage in phishing.

The current practice of opportunists registering company names and brands in other TLDs will likely continue, Janet Satterthwaite, a trademark and domain name attorney with Washington, D.C.-based law firm Venable, told

Companies will have to continue to do "defensive registrations" to register their brands under each new domain, according to Satterthwaite. For example, a bookstore may need to register their name with .book before a maliciously minded individual gets to it.

ICANN will be processing and approving applications in batches of 500 and expects the process to take as long as nine months to a year. In cases where there are multiple applicants for the same gTLD, such as the 13 applications for .app, there will be a separate process to determine who wins control of the contested domain.

The first new domains are expected to go live sometime between April and June 2013.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.