SecurityWeek

Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers

Lemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted.

Insurance firm Lemonade is notifying roughly 190,000 individuals that their driver’s license numbers were likely exposed due to a technical glitch.

Copies of the notification letter that were submitted to regulators in several states show that the incident involved an online application that enables individuals to obtain car insurance quotes and purchase policies.

According to the company, a vulnerability in the car insurance quote flow resulted in the exposure of certain driver’s license numbers for identifiable individuals. The vulnerability has been addressed, Lemonade says.

Between April 2023 and September 2024, the platform transmitted the information unencrypted, which the company says allowed driver’s license numbers to be accessed without authorization.

“We have no evidence to suggest that your driver’s license number has been misused but we are providing this notice as a precaution to inform potentially affected individuals and share some steps you can take to help protect yourself,” the company’s notification letter reads.

The insurer is providing the impacted individuals with 12 months of free credit monitoring and identity protection services.

Lemonade has notified the Securities and Exchange Commission that approximately 190,000 people were impacted by the mishap.

“Based on the company’s current knowledge of the facts and circumstances related to the incident, the company’s operations were not compromised, nor was Lemonade customer data targeted, and the company has determined that the incident is not material,” Lemonade told the SEC.

Founded in 2015, Lemonade describes itself as “a full-stack insurance carrier” that provides renters, homeowners, car, pet, and life insurance products in the US and Europe. The insurer is best known for relying on AI to activate policies and process claims.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
