537890891
The hackers were linked with the Sony Pictures breach in 2014. Photograph by Getty Images/iStockphoto

Database of 191 Million U.S. Voter Records Left Exposed Online

Dec 29, 2015

An improperly configured database exposing the information of 191 million registered U.S. voters was discovered on Dec. 20. The database was taken offline Monday, Dec. 28, presumably to be patched.

Discovered by researcher Chris Vickery, who has since been working with with security website Databreaches as well as IT expert and security blogger Steve Ragan to pinpoint the cause, the unsecured voter list could become a problem for the people listed. Such lists can may contain more than the voter's name, date of birth, gender, and address—which on their own is a good amount of personally identifiable information (PII).

As Databreaches.net, pointed out such lists can also include the voter's ethnicity, party affiliation, e-mail address, phone number, state voter ID, and whether she is on the "Do Not Call" list. According to Ragan, the breached data did not include social security or driver license numbers.

MORE: On Experian's data breach.

Still, that's certainly enough data to help identity thieves get what they need—although given all the breaches afflicting hotel chains, credit agencies, and retailers, anyone who doesn't think their PII isn't already out in the wild is probably kidding themselves.

WATCH: For more on data breaches, watch this Fortune video.

The issue with voter lists, however, is that campaign consultants and marketing firms can (and do) use them for their own purposes—though that activity can be limited by state law.

From the Databreaches.net post mortem:

... databases developed for political campaigns may also include whether or not you voted in the last general and primary elections, whether you appeared to follow a party line vote, and there may be a score predicting whether you’re likely to vote in an upcoming election or for a particular party or candidate. Databases developed for issue-oriented campaigns or non-profits doing fundraising may contain even more personal information such as your religious affiliation, whether you’re likely to be anti-abortion, whether you’re a gun owner, etc.

SIGN UP: Get Data Sheet, Fortune’s daily newsletter about the business of technology.

For more on this breach, check out Vickery's post on Reddit and Ragan's article on CSOOnline.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions