Ohio joins $20M multistate data breach settlement with nation’s largest nonbank mortgage servicing company

Ohio and 52 state financial regulatory agencies have taken coordinated action against mortgage company Bayview Asset Management LLC, and three of its affiliates, Lakeview Loan Servicing, Community Loan Servicing and Pingora Holdings (collectively the Bayview Companies).

The action follows the discovery of deficient cybersecurity practices and the companies’ failure to comply with the agencies’ examination authority following a data breach that impacted approximately 5.8 million customers, including 138,906 Ohioans. The company previously provided consumer notifications, rolled out consumer support services and offered notified consumers the ability to receive free consumer credit and identity theft monitoring.

The $20 million fine and corrective plan is the first collective multistate enforcement action taken by state regulators for a mortgage company data breach. The enforcement action underscores the importance of meeting state requirements to protect consumer data and complying with state supervisory demands.

“This settlement highlights the commitment of the Ohio Division of Financial Institutions to protecting consumers’ personal information in the wake of data breaches,” said Kevin Allard, superintendent of the Ohio Department of Commerce’s Division of Financial Institutions. “State regulators have coordinated to hold companies accountable and demonstrate that protecting sensitive consumer data is non-negotiable. Actions like this also underscore the importance of cybersecurity compliance as a responsibility that must not be taken lightly.”

State regulators in California, Maryland, North Carolina and Washington State led the multistate effort, which found that Bayview Companies’ information technology and cybersecurity practices did not meet federal or state requirements. Furthermore, the Bayview Companies delayed the supervisory process by failing to comply with state requests in a timely and complete manner in the early stages of the examination.

In addition to the monetary penalty, the Bayview Companies have agreed to take specified corrective actions, improve cybersecurity programs, undergo independent assessments and provide three years of additional reporting to the states.

State financial regulators license and supervise more than 33,000 nonbank financial services companies through the Nationwide Multistate Licensing System (NMLS), including mortgage companies, money services businesses, consumer finance providers, and debt collectors.

Ohio residents who have questions about the settlement should contact Ohio Division of Financial Institutions at https://com.ohio.gov/divisions-and-programs/financial-institutions/cont… calling 614-728-8400. Residents can also visit NMLS Consumer Access to verify that a company is licensed to do business in Ohio, and they may also view past enforcement actions.

 
Publisher's note: A free press is critical to having well-informed voters and citizens. While some news organizations opt for paid websites or costly paywalls, The Highland County Press has maintained a free newspaper and website for the last 25 years for our community. If you would like to contribute to this service, it would be greatly appreciated. Donations may be made to: The Highland County Press, P.O. Box 849, Hillsboro, Ohio 45133. Please include "for website" on the memo line.