Bayview Asset Management and its affiliates (Community Loan Servicing, Lakeview Loan Servicing, and Pingora Loan Servicing) faced a **massive data breach in 2021**, exposing the **personal identifiable information (PII) of 5.8 million individuals**, including 2.5 million borrowers. The breach stemmed from negligent cybersecurity practices, leading to prolonged legal battles, regulatory penalties, and a **$20 million fine** imposed by over 50 state regulators. Plaintiffs alleged the company failed to protect sensitive data, resulting in lawsuits demanding damages and stricter security measures. The breach triggered a **class-action settlement**, marking the near-conclusion of a **3.5-year legal dispute**, with the company agreeing to comply with federal and New York DFS cybersecurity standards to prevent future incidents.
Source: https://www.nationalmortgagenews.com/news/servicers-agree-to-settlement-on-data-breach-lawsuit
Bayview Asset Management, LLC cybersecurity rating report: https://www.rankiteo.com/company/bayview-asset-management
"id": "BAY3802138111525",
"linkid": "bayview-asset-management",
"type": "Breach",
"date": "6/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5.8 million',
'industry': 'Asset Management / Loan Servicing',
'name': 'Bayview Asset Management',
'type': 'Financial Services'},
{'customers_affected': 'Included in 5.8 million',
'industry': 'Loan Servicing',
'name': 'Community Loan Servicing',
'type': 'Subsidiary'},
{'customers_affected': '2.5 million (subset of 5.8 '
'million)',
'industry': 'Loan Servicing',
'name': 'Lakeview Loan Servicing',
'type': 'Subsidiary'},
{'customers_affected': 'Included in 5.8 million',
'industry': 'Loan Servicing',
'name': 'Pingora Loan Servicing',
'type': 'Subsidiary'}],
'customer_advisories': 'Public notices issued by Lakeview Loan Servicing '
'(2022-03)',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '5,800,000',
'personally_identifiable_information': 'Yes (borrower PII)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_publicly_disclosed': '2022-03',
'description': 'Bayview Asset Management and three affiliates (Community Loan '
'Servicing, Lakeview Loan Servicing, and Pingora Loan '
'Servicing) experienced a data breach affecting 5.8 million '
'people between October 27, 2021, and December 7, 2021. The '
'breach exposed personally identifiable information (PII) of '
'borrowers, leading to a class-action lawsuit and a $20 '
'million regulatory penalty. The parties have agreed to a '
'settlement, subject to court approval, marking the '
'near-conclusion of a three-and-a-half-year legal battle.',
'impact': {'brand_reputation_impact': 'Significant (legal battles, regulatory '
'penalties, public disclosures)',
'customer_complaints': 'Multiple lawsuits filed by dozens of '
'plaintiffs',
'data_compromised': ['Personally Identifiable Information (PII)'],
'identity_theft_risk': 'High (PII of 5.8 million people exposed)',
'legal_liabilities': '$20 million regulatory penalty (led by '
'California, Maryland, North Carolina, and '
'Washington state regulators)'},
'investigation_status': 'Settlement agreed (subject to court approval); '
'formal agreement to be filed within 45 days (as of '
'2024)',
'post_incident_analysis': {'corrective_actions': 'Agreed to comply with '
'federal and NY DFS '
'cybersecurity standards',
'root_causes': 'Flaws in cybersecurity handling '
'(as cited by regulators)'},
'recommendations': 'Enforce cybersecurity measures to comply with federal and '
'NY DFS standards (as per regulatory agreement)',
'references': [{'source': 'Court document (settlement filing)'},
{'source': 'DBR Law, P.A. complaint (on behalf of California '
'plaintiff)'},
{'source': 'Public notices by Lakeview Loan Servicing '
'(2022-03)'},
{'source': 'Multi-state regulatory action announcement '
'(January 2024)'}],
'regulatory_compliance': {'fines_imposed': '$20,000,000 (imposed in January '
'2024 by multi-state regulators)',
'legal_actions': ['Class-action lawsuit filed by '
'dozens of plaintiffs (March '
'2022)',
'Most claims dismissed by judge '
'(December 2023)',
'Settlement agreement reached '
'(2024, subject to court '
'approval)',
'Multi-state regulatory action '
'(led by California, Maryland, '
'North Carolina, Washington)'],
'regulations_violated': ['Federal cybersecurity '
'standards',
'New York State Department '
'of Financial Services '
'standards']},
'response': {'communication_strategy': 'Public notices issued by Lakeview '
'Loan Servicing (2022-03)',
'remediation_measures': 'Agreed to comply with federal and New '
'York State Department of Financial '
'Services cybersecurity standards '
'post-breach'},
'title': 'Bayview Asset Management Data Breach (2021)',
'type': 'Data Breach'}