CDK cyberattack: Company shuts down car dealership software across US
CDK Global, a leading software provider to U.S. car dealerships, shut down most of its systems after a cyberattack on June 19, 2024. The company took the step “out of an abundance of caution” to safeguard its clients and prevent further leakage of sensitive information targeted by the hackers.
CDK Global is a major provider of cloud-based software to automobile dealerships in the United States. Its software assists dealerships in managing vehicle acquisitions, sales, financing, insuring, repairs, and maintenance. The company serves over 15,000 retail locations across North America.
The cyberattack brought operations to a halt for thousands of car dealerships across the United States. Dealerships were unable to process sales, resulting in a significant disruption to their business activities. Some dealerships used creative measures like spreadsheets and sticky notes to facilitate small transactions and repairs.
The company shut down most of its systems to prevent further attacks. CDK Global restored its core document management system and digital retailing solutions by late afternoon on June 19. The company is continuing to conduct rigorous tests on all other applications and will inform customers as they are brought back online.
The attack was first reported by Bleeping Computer on June 19. No timeline has been provided for when the systems will be fully operational.
The cyberattack on CDK Global comes on the heels of a similar incident at Findlay Automotive Group last week. The automotive group, which operates in five states, reported that the attack had restricted its ability to conduct sales and service, according to the Las Vegas Review-Journal.
A 2023 report from CDK Global revealed that cybercriminals increasingly target car dealerships, with 17% of the 175 surveyed dealers reporting a cyberattack or incident in the previous year, up from 15% the year before. Of those dealers, 46% acknowledged that the cyberattack had resulted in negative financial or operational consequences.
CDK Global offers a three-tiered cybersecurity strategy to prevent, protect, and respond to cyberattacks. The company emphasizes employee awareness training as a crucial component in preventing cyber threats.
Car dealerships have become an alluring target due to the wealth of sensitive customer data they possess. This data includes credit applications and financial information.
As a 2023 article from insurance company Zurich North America noted, dealerships serve as a “treasure trove of information” for hackers. Furthermore, dealership systems are frequently linked to external interfaces and portals, such as external service providers, and many dealerships lack basic cybersecurity protections.
Continue reading: Bling Bishop Lamor Whitehead Sentenced for Fraud and Extortion
