Lemonade's $10.5M data breach settlement: See if you qualify and learn how to protect your identity
Summary
In late 2023 and early 2024, cybercriminals exploited a vulnerability in Lemonade’s online quote platform that automatically populated driver’s license numbers when users entered basic personal data. The breach exposed the driver’s license numbers and other sensitive information of roughly 190,000 customers, prompting a class‑action lawsuit alleging negligence and violations of privacy laws. Lemonade denied wrongdoing but agreed to a $10.5 million settlement to avoid litigation and pledged to strengthen its data‑security practices.
Under the settlement, class members who can document financial losses directly tied to the breach may receive up to $10,000; those without documented losses are eligible for a smaller cash payment of about $55, subject to attorney fees. Eligible claimants must submit an online or mailed claim by 11:59 p.m. ET on September 8, 2026, and may also opt out of the settlement to pursue independent litigation by August 7, 2026. Lemonade will also provide three years of credit‑monitoring and identity‑protection services to affected customers.
The article advises victims to act quickly by placing fraud alerts, freezing credit, reviewing statements, and reporting theft to the FTC and local law enforcement. It also highlights broader industry trends, noting that in Q1 2026, the Identity Theft Resource Center logged 780 major data compromises affecting nearly 140 million people, and cites other high‑profile breaches such as AT&T’s 2024 settlement. Readers are encouraged to stay vigilant, monitor credit reports, and consider identity‑protection services to mitigate future risks.
(Source:CNBC)