(PresidentialHill.com)- U.S. troops’ biometric data was found in a device purchased on eBay by a German researcher, according to Just the News. Data of 2,600 people, including U.S. service members and Afghan allies were reportedly found on the device.
Hamburg-based researcher Matthias Marx successfully bid $68 for the device, called a Secure Electronic Enrollment Kit, or SEEK II, that performs iris scans and captures fingerprints. SEEK II was reportedly last used in the summer of 2012 in Kandahar, Afghanistan. Marx found that the memory card had never been wiped clean before being resold, so it “contained names, pictures, nationalities, iris scans and fingerprints of 2,632 individuals, mostly of known terrorists.”
Alongside the Chaos Computer Club, a European hacking group, Marx and other researchers used eBay to purchase six other biometric capturing devices to allegedly study its flaws. They began their mission after the botched 2021 withdrawal in Afghanistan as they feared that the Taliban could have access to similar sensitive equipment.
They found the unencrypted and easily accessible data on two of the purchased devices and it is still unclear how they went from Afghanistan to eBay.
“It was disturbing that they didn’t even try to protect the data,” Marx said about the U.S. military. “They didn’t care about the risk, or they ignored the risk.”
The device with over 2,000 individuals’ data was sold by Rhino Trade, a Texas-based surplus company. David Mendez, the company’s treasurer, said that they had purchased the device at an auction without any knowledge of the sensitive information that was on it.
The other device reportedly came from eBay seller Ayman Arafa who declined to talk about how he obtained it.
Marx called the military irresponsible for its careless handling of the high-risk technology.
Defense Department Press Secretary Brig. Gen. Patrick S. Ryder said that because the agency has not reviewed the information on the devices, they can neither confirm nor deny its authenticity. But he did urge that devices with this sensitive data be returned to them.