CDK Global, a major software provider to over 15,000 auto dealerships across the U.S., has been severely impacted by a series of cyberattacks, causing significant disruptions in the automotive retail sector. The company, which offers crucial dealer management software (DMS) for managing sales, payroll, inventory, and other services, was forced to shut down most of its systems for several days due to the breaches.
The initial cyberattack occurred on Tuesday evening, taking down CDK’s services and halting operations at dealerships nationwide. By Wednesday afternoon, CDK had managed to restore some of its core systems, including the DMS and digital retailing solutions. However, another cyber incident later that evening led to another shutdown of most of their systems.
“We are actively investigating a cyber incident,” a CDK spokesperson told CBS News. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.”
The outage has left dealerships scrambling to manage their operations without their usual digital tools. Many employees have resorted to using spreadsheets and sticky notes to handle small transactions and repairs, while larger deals have ground to a halt.
Brad Holton, CEO of Proton Dealership IT, a cybersecurity and IT services firm for car dealerships, told BleepingComputer, a cybersecurity news site, that the [first] attack caused CDK to take its two data centers offline at approximately 2 AM [Tuesday] night.
On Reddit, dealership employees shared their frustrations. One user from Wisconsin said, “How many of you are standing around because your whole shop runs on CDK?” Another from Colorado confirmed their dealership’s transaction systems were offline, saying, “We have sent home the entire BDC since they have nobody to call and can’t schedule service appointments.”
Mike Coding, Jaguar Land Rover Marin master certified parts manager, highlighted the operational difficulties, stating, “From a parts department, we can’t officially quote or invoice any parts. Auto replenishment type stock replacement orders are halted. Access to look at parts inventory locations is non-existent.”
Cybersecurity remains a concern in the automotive industry. The ripple effect of the attack extends beyond just dealerships, parts ordering through other systems that connect to CDK have been impacted. According to Repairer Driven News, CCC, a company providing parts ordering and repair workflow systems, confirmed it had disabled integrations with CDK. “CCC customers using CCC Parts and CCC ONE Repair Workflow may receive errors when performing certain actions within CCC ONE, and customers will not be able to receive parts quotes, place orders, or receive invoices from those dealers who utilize CDK,” CCC stated.
This incident is part of a broader trend of increasing cyberattacks. A study from data firm SOAX noted a 78% increase in data breaches in 2023 compared to the previous year, impacting over 65 million victims.
CDK’s own study revealed that 17% of dealers had experienced a cyberattack or incident in the previous year. “Cybercriminals are increasingly targeting auto retailers utilizing sophisticated methods meant to appear from secure and trusted sources. Unfortunately, human error can waylay the best-laid plans and put a dealership at serious risk,” said David LaGreca, CDK Global’s Senior Vice President and General Manager of IT Solutions.
The ongoing cyberattack on CDK Global highlights the vulnerabilities within the automotive retail sector and underscores the critical need for robust cybersecurity measures. As CDK works diligently to restore its systems and investigate the breach, dealerships continue to face significant operational challenges, emphasizing the broader impacts of cyber threats on essential business functions.
CDK’s focus remains on reinstating services and supporting their dealer customers through this unprecedented disruption. As cyberattacks become more sophisticated and frequent, the automotive industry must prioritize cybersecurity to safeguard against future threats.
