Utah joins $20 million multistate settlement for customer data breach by nonbank mortgage company

Utah joins $20 million multistate settlement for customer data breach by nonbank mortgage company

Utah and 52 state financial regulatory agencies have entered into a $20 million settlement agreement and taken coordinated action against mortgage company Bayview Asset Management LLC and three of its affiliates, Lakeview Loan Servicing, Community Loan Servicing, and Pingora Holdings (collectively the Bayview Companies), for deficient cybersecurity practices and for not fully cooperating with state regulators following a data breach that impacted 5.8 million customers.

The settlement and corrective plan underscore the importance of meeting state requirements to protect consumer data and complying with state supervisory demands.

“The Utah Department of Financial Institutions is very sensitive to how financial institutions under our jurisdiction safeguard consumer data and maintain effective cybersecurity programs,” said Commissioner Darryle P. Rude. “The Department expects that companies utilizing consumers’ information do everything in their power to protect that information and, if a breach occurs, take appropriate action to notify and assist consumers.”

In addition to the monetary penalty, the Bayview Companies have agreed to take specified corrective actions, improve cybersecurity programs, undergo independent assessments, and provide three years of additional reporting to the states.

Utah residents with questions about the enforcement action should contact the Utah Department of Financial Institutions complaints.dfi@utah.gov. Consumers can also visit NMLS Consumer Access to verify that a company is licensed to do business in Utah, and they may also view past enforcement actions.