Bayview Asset Management and its affiliates have settled claims that inadequate security obstructed a state regulator’s investigation into a 2021 incident that affected 5.8 million customers.
Whether you’re refining your business model, mastering new technology, or finding a strategy to take advantage of the next market boom, Inman Connect New York prepares you to take a bold step. The next chapter is about to begin. Please join us. Join us and thousands of other real estate leaders from January 22-24, 2025.
The nation’s largest nonbank mortgage servicer faces allegations that it had poor cybersecurity practices and did not fully cooperate with state regulators following a 2021 data breach that affected 5.8 million customers. To settle the case, the company agreed to pay a $20 million fine.
In addition to the fines, Bayview Asset Management LLC and its loan servicing affiliates Lakeview Loan Servicing, Community Loan Servicing and Pingora Holdings will protect consumer data in a settlement with 53 state financial regulators announced Wednesday. agreed to implement a remediation plan to strengthen
KC Moseni
KC Mohseni, acting director of California’s Office of Financial Protection and Innovation, said in a statement that lenders and servicers are required to protect consumer data and work with state regulators when violations, intentional or unintentional, occur. I have a responsibility to do so.” “California is committed to leading the effort in collaboration with partner nations and the Council of State Banking Supervisors to hold Bayview Asset Management accountable for the data breach and remediate the identified cybersecurity deficiencies. I’m proud.”
Bayview Asset Management said in a statement that the settlement “relates to an investigation of an incident that occurred more than three years ago in which criminals gained unauthorized access to our systems.” I’m glad we can forget about this problem. ”
According to the Dec. 31 consent order, the cybersecurity breach began on Oct. 11, 2021, when an employee of Bayview or one of Bayview’s loan servicing affiliates unknowingly downloaded malware while searching the internet. Ta.
The malware remained dormant until additional malware was launched two weeks later, allowing “criminal threat actors” to extract data from October 27, 2021 to December 7, 2021. . This includes client personal information that can be used to steal personal information. ID — From your company’s network.
Bayview and its subsidiaries state that they provided the initial required consumer notification months after the incident and provided free consumer credit and identity theft monitoring to notified affected customers. Regulators also acknowledged this.
However, although Bayview and its subsidiaries have notified “numerous state and federal regulators and key trading partners about this incident,” not all state mortgage regulators have been notified. A “multi-state cybersecurity examination” will begin on Monday, regulators said.
In a May 4, 2023 report, examiners employed by mortgage regulators in California, Florida, Maryland, and Washington state that It said it found deficiencies in IT and cybersecurity practices, including vulnerability remediation monitoring and company reporting, and inadequate IT inventory tracking. , and failure to adequately encrypt certain personally identifiable information.
In addition, Bayview and its subsidiaries “initially failed to fully and completely comply with the review authority of state mortgage regulators,” the examiners said, withholding information they claimed was privileged.
State regulators said they are “entitled to access privileged and confidential information” during the investigation, including evaluations and root cause reports, and that such information will be treated as supervisory confidential information.
Hackers have targeted hundreds of companies and government agencies in recent years, in some cases taking over networks and demanding ransoms to regain access. Real estate companies and mortgage companies are no exception.
The country’s two largest title insurance companies, Fidelity National Financial and First American Financial, were forced to shut down their systems following a security breach in late 2023, and Cooper, a leading mortgage repayment service, was forced to shut down its systems after a security breach occurred in late 2023. Approximately 15 million people were notified that their personal information may have been illegally accessed. Compromised in October 2023 data breach.
Ransomware groups known as Blackcat, ALPHV, and Noberus have compromised the computer networks of more than 1,000 victims, “including networks that support critical infrastructure in the United States,” the Justice Department and FBI said on Dec. 19, 2023. I warned you with a breaking news.
In an advisory issued on the same day, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) detailed steps businesses should take to protect against ransomware attacks.
Get Inman’s Mortgage Overview Newsletter delivered straight to your inbox. Get the world’s biggest mortgage and closing news all in one place every Wednesday. Click here to subscribe.
Email Matt Carter
