Insurance Firm Lemonade reports data leak exposing driver's license numbers over 17-month period

New York-based insurance company Lemonade is reporting a data leak that exposed thousands of customers' driver's license numbers over a period spanning 17 months.

The leak occurred between April 2023 and September 2024, though Lemonade only discovered the issue in March 2025. The vulnerability was located in the company's online application platform for insurance policies, which uses a third-party vendor to automatically populate driver's license information after users enter their name and address.

The company stated that driver's license numbers "may have been accessed without authorization" due to this vulnerability. Lemonade claims it has taken steps to fix the security issue, but it has not provided specific details about the remediation measures, how many people were affected in total, or how the breach was initially discovered.

At least 17,563 people in Texas were impacted and 1,950 people in South Carolina were affected. The total number of victims across all states is not disclosed.

The company began sending breach notification letters to affected individuals across multiple states. Lemonade is offering temporary identity protection services to those affected by the breach.

Update - Lemonade has attributed the breach to a  “technical issue in its car insurance quote flow” and acknowledged that the information had been transmitted without the company’s “standard means of protection.” The company claims to have taken corrective measures to address the vulnerability and that it does not believe its core operations were compromised and that “Lemonade customer data [was not] targeted.”