In less than a year, U.S. voters will cast ballots for the next president. But first, voters have to register by providing personal information, including name, address, date of birth, gender and ethnicity. 

Given the nature of the information, one could expect voter registration lists—which are often marketed to companies and political consultants and campaigns—to be closely guarded.

However, on Dec. 20, researcher Chris Vickery told that he found a database that had been “misconfigured” so that the information of more than 191 million American voters was exposed and accessible on the Internet. Although the database didn’t contain Social Security numbers or financial information, Vickery said that it contained the full names and birth dates of millions of Americans. 

Responding to inquiries about the database, software Company NationBuilder said Dec. 28 that “while the database is not ours, it is possible that some of the information it contains may have come from data we make available for free to campaigns.” It also added that all the information was already publicly available, and that “no new or private information was released.”

This isn’t the first time that voter information databases have been compromised. In November, two women in Georgia filed a class action lawsuit against Secretary of State Brian Kemp over a “massive data breach” involving the Social Security numbers and other personal information of approximately 6 million voters in the state.

Vickery, meanwhile, seems to be on a roll. Earlier in December, he discovered that a database for the official online community for Hello Kitty and other Sanrio Co. characters was hacked and the details of more than 3.3 million user accounts—many belonging to young children—were exposed. 

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.