The massive collection of personally identifiable information was out in the open for more than a week.
An improperly configured database exposing the information of 191 million registered U.S. voters was discovered on Dec. 20. The database was taken offline Monday, Dec. 28, presumably to be patched.
Discovered by researcher Chris Vickery, who has since been working with with security website Databreaches as well as IT expert and security blogger Steve Ragan to pinpoint the cause, the unsecured voter list could become a problem for the people listed. Such lists can may contain more than the voter’s name, date of birth, gender, and address—which on their own is a good amount of personally identifiable information (PII).
As Databreaches.net, pointed out such lists can also include the voter’s ethnicity, party affiliation, e-mail address, phone number, state voter ID, and whether she is on the “Do Not Call” list. According to Ragan, the breached data did not include social security or driver license numbers.
Still, that’s certainly enough data to help identity thieves get what they need—although given all the breaches afflicting hotel chains, credit agencies, and retailers, anyone who doesn’t think their PII isn’t already out in the wild is probably kidding themselves.
WATCH: For more on data breaches, watch this Fortune video.
The issue with voter lists, however, is that campaign consultants and marketing firms can (and do) use them for their own purposes—though that activity can be limited by state law.
From the Databreaches.net post mortem:
SIGN UP: Get Data Sheet, Fortune’s daily newsletter about the business of technology.