If you’ve used Lemonade insurance, you may be eligible for part of a $10.5 million class action settlement the online provider has agreed to after a data breach exposed personal information belonging to approximately 190,000 customers.
Under the proposed terms, class members who can document losses directly related to the incident may receive up to $10,000, while those without documented losses may qualify for a smaller cash payment.
What happened?
A class action lawsuit alleges that, between April 2023 and Sept. 18, 2024, cybercriminals were able to access customers’ driver’s license numbers and other personal information through a vulnerability in Lemonade’s insurance quote platform.
According to the complaint, the system automatically populated driver’s license numbers when someone entered basic identifying information, such as a person’s name and address.
One of the lead plaintiffs said he had never been a Lemonade customer and had never provided the company with his driver’s license information, yet he was later notified that his data had been compromised.
The lawsuit accused Lemonade of negligence and violations of multiple consumer privacy laws, including the Driver Privacy Protection Act.
Lemonade denied any wrongdoing but agreed to settle the case to avoid the expense and uncertainty of continued litigation. The company has also agreed to strengthen its data security practices.
Lemonade Auto Insurance
-
Cost
The best way to estimate your costs is to request a quote
-
App available
-
Policy highlights
Lemonade offers coverage for a variety of scenarios, including: car crashes, highway stalls, damage from fire, vandalism and weather, damaged glass and windshield, if you’re sued for liability and if your car gets stolen
Who is eligible for payment in the Lemonade settlement?
The class action settlement benefits individuals who received a data breach notification stating that their personal information may have been compromised in the Lemonade data breach that took place between April 2023 and Sept. 18, 2024.
If you believe you are eligible but didn’t receive notification, you can direct inquiries to 833-447-6429 or the settlement website.
Take action to protect your identity
Offers in this section are from affiliate partners and selected based on a combination of engagement, product relevance, compensation, and consistent availability.
Plans from $10 to $32 per month, billed annually
Protects against identity theft, fraud, spam calls and websites, viruses and malware. Offers three-credit-bureau monitoring, VPN, dark web monitoring, password manager, email aliases and instant credit lock.
How much money can I get from the Lemonade settlement?
If you can provide documentation that you suffered financial losses directly linked to the breach, you could be eligible for a payment of up to $10,000.
Class members who cannot document losses may receive approximately $55, but that amount is subject to deductions for attorneys’ fees and other costs, which could account for up to one-third of the $10.5 million settlement fund.
Lemonade is also providing three years of credit monitoring and identity protection services to affected individuals, including three-bureau credit monitoring and up to $1 million in identity theft insurance coverage.
How do I file a claim in the Lemonade data breach settlement?
Eligible class members must submit a claim online or by mail by 11:59 p.m. ET on Tuesday, Sept. 8, 2026.
Claims can be submitted at LemonadeDataDisclosureSettlement.com or printed out and mailed to:
Claims Administrator
Lemonade Inc. Data Disclosure Litigation
c/o Kroll Settlement Administration LLC
P.O. Box 225391
New York, NY 10150-5391
833-447-6429
If you don’t want to be part of the settlement or want to reserve your right to sue Lemonade independently, you’ll need to submit a written notice by Aug. 7, 2026.
When will I receive payment from the Lemonade settlement?
The final approval hearing for the Lemonade data breach class action settlement is scheduled for Sept. 10, 2026.
After attorneys are paid, the remaining funds will be distributed to impacted customers.
What to do if you’re a victim of identity theft
Whether you’re eligible to file a claim in the Lemonade settlement or not, keeping on top of identity theft is critical. If you suspect your data has been compromised, you need to act fast. The longer you wait, the more time cybercriminals have to use your identity.
Victims of the Lemonade breach said their information was used to apply for loans, access retirement accounts and make unauthorized credit card charges. So, take action as soon as you suspect your personal data has been compromised.
- Place fraud alerts with Experian, Equifax and TransUnion. A basic alert remains active for 90 days, but an extended alert can stay on your credit report for seven years.
- Consider freezing your credit to prevent new accounts from being opened in your name.
- Review your bank and credit card statements for suspicious activity.
- Report identity theft to the Federal Trade Commission and local law enforcement.
- Keep records of all communications and fraudulent transactions.
How to protect your data against hackers
Lemonade is hardly alone in falling prey to cyberattacks. In Q1 of 2026, the Identity Theft Resource Center was notified about 780 major data compromises, impacting nearly 140 million victims.
Last year, AT&T paid out $177 million to settle a class action suit stemming from a series of data breaches dating back to 2019. Plaintiffs alleged that birthdates, Social Security numbers and other data belonging to 73 million current and former customers was being sold on the dark web.
With identity theft, most strategies focus on detecting and responding to fraud after it has already occurred. But there are some preventative measures you can take, as well.
1. Follow alerts about cybersecurity incidents. If you are a customer of a targeted business, search online for details about the incident and contact the company directly for more information. Read any alerts you receive carefully and monitor your credit card statements for unusual transactions.
2. Check your credit reports. It can take a long time for an incident to be reported. The first AT&T breach took place in 2019, for example, but wasn’t confirmed by the company until 2024. Review your credit reports for signs of suspicious activity.
- Your credit card company or bank should provide updated credit score information for free.
- You can get free copies of your reports from each of the three major bureaus at AnnualCreditReport.com.
- You can get a free credit report from Experian every 30 days and CreditWise from Capital One provides free access to your TransUnion credit report. Equifax offers two free credit reports per year with myEquifax.
- For regular updates on all three reports, consider subscribing to a paid identity theft protection service like PrivacyGuard® or Experian IdentityWorks℠.
PrivacyGuard®
-
Cost
$9.99 to $24.99 per month
-
Credit bureaus monitored
Experian, Equifax and TransUnion
-
Credit scoring model used
-
Dark web scan
Yes, for Identity and Total Protection plans
-
Identity insurance
Yes, up to $1 million for Identity and Total Protection plans
Experian IdentityWorks℠
-
Cost
Basic: Free; Premium: 7-day trial, after $24.99 per month; Family: 7-day trial, after $34.99 per month
-
Credit bureaus monitored
1-bureau credit monitoring, alerts and reports: Experian, with Basic plan only and 3-bureau credit monitoring, alerts and reports: Experian, Equifax and TransUnion®, with Premium and Family plans only
-
Credit scoring model used
FICO® Score 8, with all plans
-
Dark web scan
-
Identity theft insurance
Yes, up to $1 million with all plans
*Identity Theft Insurance underwritten by insurance company subsidiaries or affiliates of American International Group, Inc. (AIG). The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.
3. Get a password manager. Password managers store your usernames, passwords and email addresses. Services like Keeper and Dashlane add dark web monitoring, email masking and other benefits.
Keeper
-
Cost
Keeper Free: $0; Keeper Unlimited: $3.58 per user per month; Keeper Family: $7.67 per month; Business plan: $2.00 to $6.00 per month
-
Standout features
Allows importing from other password managers, adjusts auto-fill preferences for individual websites and allows for one-time password sharing
-
Offers free version
-
Availability
Available for web, desktop, and mobile devices.
-
Security features
Uses a zero-knowledge approach, government-standard AES-256 encryption, supports multi-factor authentication and biometrics, and performs quarterly third-party security penetration testing
Pros
- Helps you securely share passwords and files
- Offers unlimited password storage
- Supports fingerprint and Face ID login
- Password strength report
Cons
- Free version is limited to one mobile device
- Less Intuitive Interface
- Dark web monitoring and file storage only available on paid plans
Dashlane
-
Cost
Premium: $5.42 per month, includes VPN; Friends & family: $8.13 per month; Business plan: $8.00 per month; All prices are per month with annual billing selected
-
Standout features
The premium plan provides access to VPN, password health checker, dark web monitoring and allows you to securely store sensitive documents.
-
Offers free version
-
Availability
Available for web and mobile devices.
-
Security features
Uses a zero-knowledge approach, government-standard AES-256 encryption, multi-factor authentication, support for biometrics and has passed third-party security audits.
Pros
- Includes VPN in subscription
- MFA support
- Dark web monitoring
- Offers file storage
- Real-time scam protection
Cons
- Free version is limited to one device and 25 stored logins
- More expensive than some other competitors
- Lacks desktop app
4. Freeze your credit. Even if you’re not part of a recent data breach, freezing your credit reports prevents anyone from opening a new account in your name. There is no effect on your credit score or existing accounts and you can unlock your accounts when you want to apply for a credit card or loan or sign a lease.
Identity monitoring service Aura can also freeze your credit without requiring you to contact the credit bureaus. It also offers a range of other security features, including a password generator, email aliases, a VPN, robocall filters and malware protection.
Aura
-
Cost
Kids: $13 per month or $10 per month billed annually; Individual: $15 per month or $12 per month billed annually; Couple: $29 per month or $22 per month billed annually; Family: $50 per month or $32 per month billed annually
-
Standout features
Protects against identity theft, fraud, spam calls and websites, viruses and malware. Offers three credit bureau monitoring, VPN, dark web monitoring, password manager, email aliases and instant credit lock.
-
Identity theft insurance
All plans include at least $1 million and white-glove fraud remediation
Pros
- 14-day free trial
- Family plan includes up to 5 adults and an unlimited number of kids
- Discount if you buy an annual plan
- Up to $1 million to cover losses or expenses related to identity theft
Cons
- Doesn’t monitor social media accounts
- Annual plans can only be canceled in the first 60 days for a money-back guarantee
FAQs
Who can file a claim in the Lemonade data breach settlement?
Anyone whose driver’s license number was exposed in the incident should have received an email with details on the Lemonade settlement. If you believe you are eligible or aren’t sure, you can call 833-890-4930 or file an inquiry on the settlement website.
When is the deadline to file a claim?
Eligible class members must submit a claim online or by mail by Tuesday, Sept. 8, 2026. Claims can be submitted at LemonadeDataDisclosureSettlement.com or printed out and mailed to the address above.
If you don’t want to be part of the settlement or want to reserve your right to sue Lemonade independently, you’ll need to submit a written notice by Aug. 7, 2026.
How much money can I get from the Lemonade settlement?
If you can prove that you suffered financial losses directly linked to the breach, you could be eligible for a payment of up to $10,000.
Class members who cannot document losses may receive approximately $55 in cash payments, but that’s dependent on the number of people who file claims, as well as deductions for attorneys’ fees and other legal costs, which could take up one-third of the $10.5 million settlement fund.
Subscribe to the CNBC Select Newsletter!
Money matters — so make the most of it. Get expert tips, strategies, news and everything else you need to maximize your money, right to your inbox. Sign up here.
Why trust CNBC Select?
At CNBC Select, our mission is to provide our readers with high-quality service journalism and comprehensive consumer advice so they can make informed financial decisions. Every cybersecurity article is based on rigorous reporting by our team of expert writers and editors. While CNBC Select earns a commission from affiliate partners on many offers and links, we create all our content without input from our commercial team or any outside third parties, and we pride ourselves on our journalistic standards and ethics.
Catch up on CNBC Select’s in-depth coverage of credit cards, banking and money, and follow us on TikTok, Facebook, Instagram and Twitter to stay up to date.
Editorial Note: Opinions, analyses, reviews or recommendations expressed in this article are those of the Select editorial staff’s alone, and have not been reviewed, approved or otherwise endorsed by any third party.
