Insurance firm Lemonade is notifying roughly 190,000 individuals that their driver’s license numbers were likely exposed due to a technical glitch.
Copies of the notification letter that were submitted to regulators in several states show that the incident involved an online application that enables individuals to obtain car insurance quotes and purchase policies.
According to the company, a vulnerability in the car insurance quote flow resulted in the exposure of certain driver’s license numbers for identifiable individuals. The vulnerability has been addressed, Lemonade says.
Between April 2023 and September 2024, the platform transmitted the information unencrypted, which the company says allowed driver’s license numbers to be accessed without authorization.
“We have no evidence to suggest that your driver’s license number has been misused but we are providing this notice as a precaution to inform potentially affected individuals and share some steps you can take to help protect yourself,” the company’s notification letter reads.
The insurer is providing the impacted individuals with 12 months of free credit monitoring and identity protection services.
Lemonade has notified the Securities and Exchange Commission that approximately 190,000 people were impacted by the mishap.
“Based on the company’s current knowledge of the facts and circumstances related to the incident, the company’s operations were not compromised, nor was Lemonade customer data targeted, and the company has determined that the incident is not material,” Lemonade told the SEC.
Founded in 2015, Lemonade describes itself as “a full-stack insurance carrier” that provides renters, homeowners, car, pet, and life insurance products in the US and Europe. The insurer is best known for relying on AI to activate policies and process claims.
Related: 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
Related: Conduent Says Names, Social Security Numbers Stolen in Cyberattack
Related: Hertz Discloses Data Breach Linked to Cleo Hack
Related: State Bar of Texas Says Personal Information Stolen in Ransomware Attack
