
A recent data breach at the insurance firm Lemonade exposed the driver’s license numbers of thousands of people over the course of 17 months.
The New York-based company began sending breach notification letters in several states last week following the discovery of an incident in 2023 and 2024 involving its online application process. Customers typically enter their name and address into the Lemonade insurance policy application and a third-party vendor automatically populates a person’s driver’s license number.
A vulnerability within the online application platform for insurance policies resulted in the possible exposure of driver’s license numbers, which “might have been accessed without authorization,” the company said.
An investigation revealed the information was exposed from April 2023 to September 2024. The company says it discovered the issue in March 2025.
Lemonade said it has taken steps to fix the vulnerability but did not respond to requests for comment about how it did so, how many people were affected or how it was initially tipped off to the problem.
Victims are being given short-term identity protection services. At least 17,563 people in Texas were impacted by the breach along with 1,950 people in South Carolina. It is unclear how many other states’ residents were affected.
Lemonade offers insurance to car owners, renters and homeowners, as well as pet and term life insurance in the U.S. The company is best known for controversially using AI and chatbots to process its claims.
While Lemonade reiterated in the letters that it has “no evidence to suggest” that driver’s license numbers had been misused, hackers have previously targeted similar platforms and used stolen numbers for a variety of scams.
In November, New York state officials fined insurance giants Geico and Travelers more than $11 million for a similar issue that exposed the driver’s license numbers of about 120,000 New Yorkers.
The companies operated similar websites offering insurance quotes to potential customers that automatically fill in applications after people enter their names or address. Hackers targeted Geico’s applications using the pre-fill function to access the driver’s license numbers of tens of thousands of New Yorkers. The company said it discovered a spike in the number of applications that were being pre-filled but not completed.
Cybercriminals then used the stolen driver’s license numbers to file fraudulent unemployment benefits claims in New York state, pilfering thousands of dollars at the height of the COVID-19 pandemic.
The company found cybercriminals discussing breaching Geico’s system and stealing driver’s license numbers on the dark web, and in some instances hackers were purchasing policies and filing fraudulent claims to gain access to customers’ driver’s license numbers.
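The signal Geico reported, a spike in applications that were pre-filled but never completed, can be tracked per hour against a rolling baseline. The following is an added example, not code from the article or from any insurer; the event names `prefill` and `submit`, the sample data and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

def build_sample():
    """Constructed events: (ISO timestamp, application id, event name)."""
    events = []
    for hour in range(9, 13):            # normal hours: 10 pre-fills, 6 completed
        for i in range(10):
            app = f"h{hour}-a{i}"
            events.append((f"2024-01-15T{hour:02d}:{i:02d}:00", app, "prefill"))
            if i < 6:
                events.append((f"2024-01-15T{hour:02d}:{i + 20:02d}:00", app, "submit"))
    for i in range(60):                  # 13:00 hour: 60 pre-fills, 3 completed
        app = f"h13-a{i}"
        events.append((f"2024-01-15T13:{i:02d}:00", app, "prefill"))
        if i < 3:
            events.append((f"2024-01-15T13:{i + 30:02d}:30", app, "submit"))
    return events

def abandoned_per_hour(events):
    """Map each hour to (pre-filled applications, pre-filled but never submitted)."""
    submitted = {app for _, app, ev in events if ev == "submit"}
    prefilled, abandoned = defaultdict(set), defaultdict(set)
    for ts, app, ev in events:
        if ev != "prefill":
            continue
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        prefilled[hour].add(app)
        if app not in submitted:
            abandoned[hour].add(app)
    return {h: (len(prefilled[h]), len(abandoned[h])) for h in sorted(prefilled)}

def flag_spikes(stats, factor=3.0, min_history=3):
    """Flag hours whose abandoned count exceeds factor x the median of prior hours."""
    flagged, history = [], []
    for hour, (total, dropped) in stats.items():
        if len(history) >= min_history and dropped > factor * max(median(history), 1):
            flagged.append((hour.isoformat(), total, dropped))
        else:
            history.append(dropped)      # only unflagged hours feed the baseline
    return flagged

if __name__ == "__main__":
    for hour, total, dropped in flag_spikes(abandoned_per_hour(build_sample())):
        print(f"{hour}: {dropped}/{total} pre-filled applications never completed")
```

Flagged hours are kept out of the baseline so a sustained campaign does not normalise itself.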