Michigan Department of Insurance and Financial Services · MI
Michigan Part of $20 Million Multistate Data Breach Enforcement Action Against Nation’s Largest Nonbank Mortgage Servicing Company
January 8, 2025
Summary
The Michigan Department of Insurance and Financial Services joined a 52-state multistate settlement penalizing the Bayview Companies $20 million for cybersecurity failures and lack of regulatory cooperation following a data breach. The action mandates that the companies implement significant corrective measures, perform independent cybersecurity audits, and submit to three years of additional regulatory reporting.
Media Contact: DIFS-press@michigan.gov
CSBS Media Contact: Susanna Barnett, 202-608-3143
Consumer Hotline: 833-ASK-DIFS, AutoInsurance@michigan.gov
Consumer Hotline: 877-999-6442, Michigan.gov/DIFScomplaints
FOR IMMEDIATE RELEASE: January 8, 2025
(LANSING, MICH) Michigan joined 52 state financial regulatory agencies in a coordinated enforcement action against mortgage company Bayview Asset Management LLC, and three of its affiliates, Lakeview Loan Servicing, Community Loan Servicing, and Pingora Holdings (collectively the Bayview Companies), for failing to maintain sufficient cybersecurity practices and for not fully cooperating with state regulators following a data breach that impacted 5.8 million customers.
Michigan will receive nearly half a million dollars from the $20 million monetary penalty earmarked for enforcement. This enforcement action underscores the importance of complying with regulatory requirements to protect consumer data and of cooperating with state regulators.
"Data breaches are on the rise across the nation. The Department will use its regulatory authority to ensure that companies safeguard consumer data and maintain effective cybersecurity programs," said DIFS Director Anita Fox. "We expect licensees to communicate with their regulators when a data breach occurs, so swift action can be taken to safeguard consumers. Joining in this enforcement action demonstrates that DIFS is committed to ensuring that consumer data is protected and to protecting consumers in the event of a cyberattack or data breach."
State regulators in California, Maryland, North Carolina, and Washington State led the multistate effort, which found that Bayview Companies’ information technology and cybersecurity practices did not meet state or federal requirements. Furthermore, the Bayview Companies impeded the supervisory process by failing to comply with state requests in a timely and complete manner in the early stages of the examination.
In addition to the monetary penalty, the Bayview Companies have agreed to take specified corrective actions, improve cybersecurity programs, undergo independent assessments, and provide three years of additional reporting to the states.
State financial regulators license and supervise more than 33,000 nonbank financial services companies through the Nationwide Multistate Licensing System (NMLS), including mortgage companies, money services businesses, consumer finance providers, and debt collectors.
Michiganders who have questions about the settlement should email DIFS-FIN-INFO@Michigan.gov. Residents can also visit NMLS Consumer Access to verify that a company is licensed to do business in Michigan, and they may also view past enforcement actions.
The mission of the Michigan Department of Insurance and Financial Services is to ensure access to safe and secure insurance and financial services fundamental for the opportunity, security, and success of Michigan residents, while fostering economic growth and sustainability in both industries. In addition, the Department provides consumer protection, outreach, and financial literacy and education services to Michigan residents. For more information, visit Michigan.gov/DIFS or follow the Department on Facebook, X, or LinkedIn.
####