German researchers who bought biometric capturing devices on eBay discovered private US military information stored on their memory cards, according to a report by The New York Times.

This data set, which reportedly came from Iraq and Afghanistan, contained names, fingerprints, iris scans, pictures, names, and other details of certain individuals. 

(Photo : Chris Hondros/Getty Images)
DAND DISTRICT, KANDAHAR PROVINCE - JUNE 14: A US Army soldier in the 1-71 Cavalry scans the eye of an Afghan National Police member for identification purposes with a handheld biometric device June 14, 2010 in rural Dand District, just south of Kandahar, Afghanistan.

Chaos Computer Club

According to the report, several of them collaborated with the US army and might become targets if the gadgets ended up in the wrong hands.

Six of the gadgets were purchased on eBay by the Chaos Computer Club, a team of academics led by Matthias Marx, for an average price of under $200.

They were motivated by a 2021 The Intercept report claiming that the Taliban had taken comparable US military biometric equipment.

The team sought to determine whether they contained any information on those who provided support to the US Military that might put them at risk.

They discovered 2,632 people's pictures, iris scans, names, nationalities, and fingerprints on one of the gadget's memory cards.

The team said it was used in the summer of 2012 close to Kandahar, Afghanistan, based on additional metadata.

Another gadget, which was used in Jordan in 2013, had a small number of US military personnel's fingerprints and iris scans on it.

According to a 2011 handbook, the gadgets, such tools were used to locate rebels, confirm local and foreign nationals' access to US bases, and connect individuals to incidents. 

Marx said he was disturbed that the US military did not allegedly protect data.

Read also: Pentagon Awards Google, Amazon, Oracle, and Microsoft $9 Billion Contracts to Build a Cloud Computing Network for the US Military

"Alleged Data"

One device was bought at a military auction, and the vendor said they had no idea it contained private information. The US military might have reduced the risk by simply deleting the memory cards before selling them because the private information was kept on them, according to the researchers.

"Because we have not reviewed the information contained on the devices, the department is not able to confirm the authenticity of the alleged data or otherwise comment on it," Defense Department press secretary Brig. Gen. Patrick S. Ryder said in an interview with NYT.

The department is now asking anyone who wields any device that contains personally identifiable information to be returned to them for further investigation.

The team intends to remove any personally identifiable information discovered on the devices due to the sensitivity of the data. The US government should grant asylum to everyone detected on such gadgets, according to one of the researchers, even if they have replaced their identities with new ones. 

Related Article: US Military Will Use 'High-Altitude Hot Air Balloons' to Prevent Hypersonic Missiles Against China and Russia