Oregon joins other states in levying $20 million penalty against nation’s largest nonbank mortgage servicing company

Jan. 8, 2025

Salem – Oregon was one of the financial regulatory agencies from 53 states and territories to take coordinated action against mortgage company Bayview Asset Management LLC, and three of its affiliates – Lakeview Loan Servicing, Community Loan Servicing, and Pingora Holdings (collectively the Bayview Companies). The agencies took action against the companies for cybersecurity deficiencies and failure to cooperate fully with state regulators following a data breach that impacted 5.8 million customers nationwide, including more than 95,000 Oregonians.

The $20 million penalty and required corrective actions highlight the critical need to comply with state regulations protecting consumer data and addressing state supervisory requirements.

“State collaboration is crucial when addressing data breaches of this scale," said TK Keen, Division of Financial Regulation (DFR) administrator. “Thank you to the states that led this action. Oregon will continue to help in any way possible to protect consumers' important information."

State regulators in California, Maryland, North Carolina, and Washington state led the multistate effort, which found that Bayview Companies' information technology and cybersecurity practices did not meet federal or state requirements. Furthermore, the Bayview Companies delayed the supervisory process by failing to comply with state requests in a timely and complete manner in the early stages of the examination.

In addition to the monetary penalty, the Bayview Companies have agreed to take specified corrective actions, improve cybersecurity programs, undergo independent assessments, and provide additional reporting to the states over the next three years.

State financial regulators license and supervise more than 33,000 nonbank financial services companies through the Nationwide Multistate Licensing System (NMLS), including mortgage companies, money services businesses, consumer finance providers, and debt collectors.

People can also visit NMLS Consumer Access to verify that a company is licensed to do business in Oregon or to review any past enforcement actions.

###

About Oregon DFR: The Division of Financial Regulation protects consumers and regulates insurance, depository institutions, trust companies, securities, and consumer financial products and services. The division is part of the Department of Consumer and Business Services, Oregon's largest consumer protection and business regulatory agency. Visit dfr.oregon.gov and dcbs.oregon.gov.