A major cyberattack has crippled the systems of CDK Global, a leading provider of software solutions for automotive dealerships across North America. On Wednesday, the company was forced to shut down most of its systems as a precautionary measure, impacting operations at over 15,000 car dealerships that rely on its services.
CDK Global’s software plays a crucial role in managing various aspects of dealership operations, including vehicle acquisitions, sales, financing, insurance, repairs, and maintenance. The company boasts a “three-tiered cybersecurity strategy” aimed at preventing, protecting against, and responding to cyberattacks.
In the wake of the incident, Bloomberg reports that the company has been working to restore its core document management system and digital retailing solutions. However, extensive testing is ongoing for other applications before they can be brought back online, according to CDK spokesperson Lisa Finney.
The attack has left dealerships across the United States grappling with disruptions, forcing them to resort to manual processes for tasks like writing up orders and delaying purchases already in the system. This comes at a particularly inopportune time, as the summer months are typically considered the peak “car buying season.”
Cyberattacks are becoming more pronounced especially ones targeting car dealerships, which possess vast amounts of sensitive customer data, including credit applications and financial information. According to USA Today, a report posted online by CDK Global in 2023 revealed that 17% of surveyed dealerships experienced a cyberattack or incident within the past year.
Cybercriminals find dealerships particularly attractive targets due to the interconnected nature of their systems and the potential treasure trove of personal and financial data they hold. Many dealerships also lack robust cybersecurity protections, making them vulnerable to attacks.
While details about the nature of the attack remain scarce, the company’s response of taking data centers offline suggests an attempt to contain the spread of a potential ransomware attack. Ransomware incidents have become increasingly common in the automotive industry, with another dealership group, Findlay Automotive Group, recently falling victim to a similar attack.
