Security Week

Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers

Ionut Arghire Published: April 15, 2025 | Updated: April 15, 2025 2 min read

Insurance firm Lemonade is notifying roughly 190,000 individuals that their driver’s license numbers were likely exposed due to a technical glitch.

Copies of the notification letter that were submitted to regulators in several states show that the incident involved an online application that enables individuals to obtain car insurance quotes and purchase policies.

According to the company, a vulnerability in the car insurance quote flow resulted in the exposure of certain driver’s license numbers for identifiable individuals. The vulnerability has been addressed, Lemonade says.

Between April 2023 and September 2024, the platform transmitted the information unencrypted, which the company says allowed driver’s license numbers to be accessed without authorization.

“We have no evidence to suggest that your driver’s license number has been misused but we are providing this notice as a precaution to inform potentially affected individuals and share some steps you can take to help protect yourself,” the company’s notification letter reads.

The insurer is providing the impacted individuals with 12 months of free credit monitoring and identity protection services.

Lemonade has notified the Securities and Exchange Commission that approximately 190,000 people were impacted by the mishap.

“Based on the company’s current knowledge of the facts and circumstances related to the incident, the company’s operations were not compromised, nor was Lemonade customer data targeted, and the company has determined that the incident is not material,” Lemonade told the SEC.

Advertisement. Scroll to continue reading.

Founded in 2015, Lemonade describes itself as “a full-stack insurance carrier” that provides renters, homeowners, car, pet, and life insurance products in the US and Europe. The insurer is best known for relying on AI to activate policies and process claims.