Maryland Office of Financial Regulation Announces Settlement with Nation’s Largest Mortgage Servicing Company for Data Breach

BALTIMORE, MD (January 10, 2025) - The Maryland Department of Labor's Office of Financial Regulation and 52 other state regulators reached a settlement with mortgage company Bayview Asset Management, LLC, and three of its affiliates-Lakeview Loan Servicing, Community Loan Servicing, and Pingora Holdings-for deficient cybersecurity practices and compliance failures following a 2021 data breach. The breach impacted 5.8 million customers nationwide, including 124,000 consumers in Maryland. As part of the $20 million multistate settlement, Bayview and its three named affiliates must pay $564,000 in fees and penalties to the State of Maryland.

"In today's digital economy, safeguarding sensitive consumer data is critically important," said Secretary of Labor Portia Wu. "The Office of Financial Regulation's leadership in this multistate effort demonstrates the power of collaborative enforcement to protect all of us from cyber threats. Marylanders deserve to know that their data is protected and that the companies entrusted with their sensitive information are held to the highest standards."

The settlement agreement is the first collective enforcement action taken by state regulators for a mortgage company data breach, and regulators expect others in the industry to follow the cybersecurity standards agreed to by Bayview and its affiliates. State regulators view the settlement as a precedent for any future enforcement actions for data breaches or cybersecurity lapses.

"This settlement demonstrates how our Office and our fellow state regulators work to ensure that companies protect consumers' personal information," said Commissioner of Financial Regulation Tony Salazar. "State-licensed financial service providers must comply with regulators' requirements, and we will take action if we believe they are failing to do so."

The Office of Financial Regulation and its counterparts in California, North Carolina, and Washington State led the coordinated effort after a multistate investigation of Bayview and its affiliates found that the companies' information technology and cybersecurity practices did not meet federal or state requirements. The companies also initially failed to notify Maryland of the data breach in accordance with state regulations.

In addition to the monetary penalty, the settlement agreement requires Bayview and its affiliates to correct cybersecurity deficiencies, improve information technology programs, undergo independent assessments, and provide three years of additional reporting to the states.

The Office of Financial Regulation helps safeguard Marylanders' financial interests by enforcing the State's consumer financial protection laws. The Office supervises state-chartered banks and credit unions and state-licensed mortgage companies, money transmitters, lenders, and other financial providers. To learn more about the Office and view past enforcement actions, visit labor.maryland.gov/finance.

The Maryland Department of Labor strives to create an equitable and inclusive Maryland where all residents have the opportunities and resources to attain financial stability, reach their career potential, and contribute to their communities; where businesses have access to capital and the skilled workforce they need to succeed; where workplaces are safe and well-regulated; and where the economy is resilient and growing. For updates and information, follow Labor on LinkedIn , Twitter , Facebook , and visit our website .

MEDIA CONTACT:
Dinah Winnick