Insurance Firm Lemonade Says API Glitch Exposed Some Driver's License Numbers

An anonymous reader quotes a report from SecurityWeek: Insurance firm Lemonade is notifying roughly 190,000 individuals that their driver's license numbers were likely exposed due to a technical glitch. Copies of the notification letter that were submitted to regulators in several states show that the incident involved an online application that enables individuals to obtain car insurance quotes and purchase policies. According to the company, a vulnerability in the car insurance quote flow resulted in the exposure of certain driver's license numbers for identifiable individuals. The vulnerability has been addressed, Lemonade says.

Between April 2023 and September 2024, the platform transmitted the information unencrypted, which the company says allowed driver's license numbers to be accessed without authorization. "We have no evidence to suggest that your driver's license number has been misused but we are providing this notice as a precaution to inform potentially affected individuals and share some steps you can take to help protect yourself," the company's notification letter reads. The insurer is providing the impacted individuals with 12 months of free credit monitoring and identity protection services.

When the world hands you lemons ...

[fahrbot-bot]

Insurance firm Lemonade

You make an insurance company?

the platform transmitted the information unencrypted,

Their website touts how fast they process things, maybe not wasting time on en/decrypting probably helps. :-)

Incompetence

[devslash0]

Not a glitch. Stop using the G-word excuse.