Insurtech firm Lemonade Inc. disclosed that a technical issue within its auto insurance quoting system led to a data breach that inadvertently exposed the driver’s license numbers of approximately 190,000 insurance applicants.
The company revealed the incident in a filing with the US Securities and Exchange Commission, stating that the breach occurred when certain personal information was mistakenly shared with a third-party data provider. Lemonade attributed the breach to a likely “technical issue in its car insurance quote flow” and acknowledged that the information had been transmitted without the company’s “standard means of protection.”
Lemonade emphasized that it has taken corrective measures to address the vulnerability. In its filing, the company said it does not believe its core operations were compromised and that “Lemonade customer data [was not] targeted.”
The disclosure comes amid an increase in auto insurance quoting activity across the industry, driven in part by rising insurance rates. Progressive Corp. president and chief executive officer Tricia Griffith recently noted a surge in consumer interest, citing “very high levels of ambient shopping” in the personal auto space.
While Lemonade continues to expand its auto insurance business, it has also reported significant growth in its marketing investments. In the fourth quarter of 2024, the company’s sales and marketing expenses climbed to $36 million, up from $13.4 million in the same period the previous year. “Alongside this acceleration, we remained laser focused on marketing efficiency,” Lemonade stated in February, pointing to its use of artificial intelligence to optimize marketing decisions.
The incident at Lemonade echoes a broader pattern of cybersecurity challenges within the auto insurance industry. In March 2025, New York Attorney General Letitia James secured $975,000 in penalties from Root Insurance for failing to protect the personal information of approximately 45,000 New Yorkers. The breach was part of an industry-wide campaign to steal consumers’ personal information, including driver’s license numbers, from online automobile insurance quoting applications.
Similarly, in December 2024, the attorney general’s office announced a $500,000 settlement with Noblr auto insurance for inadequate data security that exposed the data of more than 80,000 New York residents.
What are your thoughts on Lemonade’s recent statement? Share your insights in the comments below.
