In a decisive move to protect consumer data, Illinois, along with 52 other state financial regulatory agencies, has imposed a hefty $20 million penalty on Bayview Asset Management LLC and its affiliates, Lakeview Loan Servicing, Community Loan Servicing, and Pingora Holdings, known collectively as the Bayview Companies. This punitive action comes as a result of the companies' subpar cybersecurity measures and their failure to fully cooperate with state regulators after a data breach that affected approximately 5.8 million customers, as reported by the State of Illinois. The news comes directly from an official press release on the Illinois government website.
The action taken aims to serve as a stark reminder about the gravity of cybersecurity and the consequences of non-compliance. The multi-state investigation, led by regulators in California, Maryland, North Carolina, and Washington State, discovered that the Bayview Companies did not to sufficiently meet the strict federal and state requirements for information technology and cybersecurity. Moreover, during the initial examination phases, the companies delayed the supervisory process by not complying promptly and thoroughly with state inquiries. According to the State of Illinois, the $20 million fine is complemented with an agreement by the Bayview Companies to take corrective actions, heighten cybersecurity programs, undergo independent assessments, and provide an additional three years of reporting to the states.
IDFPR Secretary Mario Treto, Jr. emphasized the state’s commitment to consumer data security stating, "Safeguarding the personal information of Illinois consumers is a top priority for the Illinois Department of Financial and Professional Regulation (IDFPR)," the State of Illinois noted. He also encouraged companies to engage with IDFPR's Division of Banking to ensure they are fully protecting their customers.
