More than a week after a cyberattack disrupted operations for thousands of car dealerships, CDK Global is actively working to restore its software applications. The attack forced the company to shut down most of its systems, compelling some dealerships to revert to handwritten forms to maintain operations. CDK’s cloud-based software supports over 15,000 auto dealerships across North America in managing vehicle acquisitions, sales, financing, insuring, repairs, and maintenance.
CDK is implementing a phased approach to restore customer software, according to a company statement. So far, two small groups of dealers and one large publicly traded dealer group have been brought back online on its Dealer Management System (DMS). CDK is also working to reinstate additional applications and its customer care channels. The company informed customers earlier this week that it does not expect to have “all dealers live” before June 30.
Details of the Cyberattack
The cyberattack on CDK Global has been attributed to the hacking group BlackSuit, a newer cybercriminal team that evolved from the Russia-linked RoyalLocker group according to according to Reuters. Security firm Recorded Future, which identified BlackSuit, reports that the group has breached at least 95 organizations globally. Multiple outlets have reported that Allan Liska, a ransomware analyst at Recorded Future was the one who identified BlackSuit as the group., noted, “BlackSuit is a sophisticated group that poses a significant threat to various industries, including automotive dealerships.”
Cyberattacks on car dealerships are on the rise. According to a 2023 CDK report, 17% of 175 surveyed dealers experienced a cyberattack or incident in the past year, up from 15% the previous year. Of those affected, 46% reported negative financial or operational impacts. A 2023 article from insurance company Zurich North America highlighted the vulnerability of dealerships, stating, “Dealerships hold a treasure trove of sensitive customer data, from credit applications to financial information, making them prime targets for hackers.” “In addition, dealership systems are often interconnected to external interfaces and portals, such as external service providers,” according to the report, and many dealerships “lack basic cyber security protections.”
Impact on Dealerships
Dealerships have been significantly affected due to the shutdown of CDK’s systems. Thad Szott, owner of dealerships in Michigan, described the situation as dramatically impacting all five of his locations. Szott told the Detroit Free Press “Some of it is manual now. But it is much clunkier internally, more cumbersome internally, to process simple things like repair orders or work a car deal.”
Craig Schreiber, co-owner of Northtown Automotive Companies in New York, shared that his company resorted to using handwritten forms across its departments. “We had to go old school,” Schreiber explained. “Using manual forms has slowed down our processes, but it’s the only way to keep things moving.”
According to J.D. Power and GlobalData, the cyberattack likely led to a decrease in new car sales, with U.S. retail sales in June expected to be down about 5.4% compared to last year. “The impact on sales is significant,” noted a spokesperson from J.D. Power. “The disruption caused by the cyberattack has undoubtedly affected dealership operations and customer service.”
As CDK Global continues to restore its systems, the full extent of the impact on dealerships and the broader automotive industry remains to be seen. Dealerships, with their interconnected systems and often inadequate cybersecurity protections, need to enhance their defenses to prevent future incidents. “The cyber threat landscape is evolving,” said Liska. “Dealerships must prioritize cybersecurity to safeguard their operations and customer data.”
