Ohio Joins $20 Million Multistate Data Breach Settlement with Nation’s Largest Nonbank Mortgage Servicing Company

COLUMBUS, Ohio - Ohio and 52 state financial regulatory agencies have taken coordinated action against mortgage company Bayview Asset Management LLC, and three of its affiliates, Lakeview Loan Servicing, Community Loan Servicing, and Pingora Holdings (collectively the Bayview Companies). The action follows the discovery of deficient cybersecurity practices and the companies' failure to comply with the agencies' examination authority following a data breach that impacted approximately 5.8 million customers, including 138,906 Ohioans. The company previously provided consumer notifications, rolled out consumer support services, and offered notified consumers the ability to receive free consumer credit and identity theft monitoring.

The $20 million fine and corrective plan is the first collective multistate enforcement action taken by state regulators for a mortgage company data breach. The enforcement action underscores the importance of meeting state requirements to protect consumer data and complying with state supervisory demands.

"This settlement highlights the commitment of the Ohio Division of Financial Institutions to protecting consumers' personal information in the wake of data breaches," said Kevin Allard, superintendent of the Ohio Department of Commerce's Division of Financial Institutions. "State regulators have coordinated to hold companies accountable and demonstrate that protecting sensitive consumer data is non-negotiable. Actions like this also underscore the importance of cybersecurity compliance as a responsibility that must not be taken lightly."

State regulators in California, Maryland, North Carolina, and Washington State led the multistate effort, which found that Bayview Companies' information technology and cybersecurity practices did not meet federal or state requirements. Furthermore, the Bayview Companies delayed the supervisory process by failing to comply with state requests in a timely and complete manner in the early stages of the examination.

In addition to the monetary penalty, the Bayview Companies have agreed to take specified corrective actions, improve cybersecurity programs, undergo independent assessments, and provide three years of additional reporting to the states.

State financial regulators license and supervise more than 33,000 nonbank financial services companies through the Nationwide Multistate Licensing System (NMLS), including mortgage companies, money services businesses, consumer finance providers, and debt collectors.

Ohio residents who have questions about the settlement should contact Ohio Division of Financial Institutions by clicking here or calling 614-728-8400. Residents can also visit NMLS Consumer Access to verify that a company is licensed to do business in Ohio, and they may also view past enforcement actions.

###

About the Ohio Division of Financial Institutions
The Division of Financial Institutions is part of the Ohio Department of Commerce. The department is Ohio's chief regulatory agency, focused on promoting prosperity and protecting what matters most to Ohioans. We ensure businesses follow the laws that help them create jobs and keep Ohioans safe. To learn more about what we do, visit our website at www.com.ohio.gov.