The Idaho Department of Finance and 52 state financial regulatory agencies have taken coordinated action against mortgage company Bayview Asset Management LLC, and three of its affiliates, Lakeview Loan Servicing, Community Loan Servicing, and Pingora Holdings, for deficient cybersecurity practices and failing to comply with their examination authority following a data breach that impacted 5.8 million customers.
The $20 million settlement and corrective plan is the first collective multistate enforcement action by state regulators for a mortgage company data breach. According to a news release, the enforcement action underscores the importance of meeting state requirements to protect consumer data and complying with state supervisory demands.
State regulators in California, Maryland, North Carolina, and Washington State led the multistate effort, which found that Bayview Companies’ information technology and cybersecurity practices did not meet federal or state requirements. Furthermore, the Bayview Companies delayed the supervisory process by failing to comply with state requests in a timely and complete manner in the early stages of the examination. In addition to the monetary penalty, the Bayview Companies have agreed to take specified corrective actions, improve cybersecurity programs, undergo independent assessments, and provide three years of additional reporting to the states.
Idaho residents who have questions about the settlement should contact Erin Van Engelen at (208) 332-8000. Residents can also visit NMLS Consumer Access to verify that a company is licensed to do business in Idaho, and they may also view past enforcement actions.
