CDK Global shuts down car dealership software after cyberattack

A cyberattack on software provider CDK Global has upended operations at car dealerships across the U.S.

The company shut down most of its systems “out of an abundance of caution" for customers on Wednesday, according to spokesperson Lisa Finney. CDK restored some systems that afternoon, but another cyberattack later that evening prompted the company to take the systems offline once again, according to a letter sent to customers.

CDK started a restoration process on Saturday that is expected to take "several days" to complete, according to Finney.

With the systems down, dealerships have had to resort to manual, handwritten forms to continue operations. Finney did not respond to questions on how many dealerships were impacted, but CDK’s website says the company works with more than 15,000 retail locations across North America.

Meanwhile, on Friday afternoon, Bloomberg News reported that an insider said a group claiming to be hackers — and believed to be based in eastern Europe — is demanding tens of millions of dollars in ransom. The insider said CDK is planning to pay the ransom, according to Bloomberg News.

Ford Mustang Mach E electric vehicles are offered for sale at a dealership on June 05, 2024 in Chicago, Illinois.
Ford Mustang Mach E electric vehicles are offered for sale at a dealership on June 05, 2024 in Chicago, Illinois.

What does CDK Global do?

One of the leading providers of cloud-based software to dealerships in the country, CDK's software helps dealerships manage vehicle acquisitions, sales, financing, insuring, repairs and maintenance. The company's website says it offers a “three-tiered cybersecurity strategy to prevent, protect and respond to cyberattacks.”

How are dealers being impacted?

Craig Schreiber, one of the owners of the Northtown Automotive Companies, said the company has contingency plans in place that have allowed its dealerships near Buffalo, New York, to continue servicing and selling vehicles.

"We are able to go 'old school' as a result of our prior preparation, including the use of handwritten, manual forms in all of our departments," Schreiber said in an emailed statement. "Inevitably the disruption will result in a backlog of input once the automation comes back online, but for the time being, our operations go on."

Eric Watson, vice president of sales operations for Kia America, sent a letter to retail partners Thursday acknowledging that the shutdown is disrupting the business of "many Kia Dealers" who use CDK's platform. Watson advised dealers to use manual tools while waiting for CDK's systems to come back online.

Why are car dealerships targeted by cyberattacks?

The incident follows a cyberattack against Findlay Automotive Group last week. The automotive group – which operates in five states – said the attack restricted its ability to conduct sales and service, according to reporting from the Las Vegas Review-Journal.

A 2023 report from CDK notes that cybercriminals are a growing threat to target car dealerships, with 17% of 175 surveyed dealers experiencing a cyberattack or incident within the past year, up from 15% the year prior. Of those dealers, 46% said the cyberattack had a negative financial or operational impact.

Dealerships have been an attractive target because of the vast amounts of sensitive customer data they hold. From credit applications to customer financial information, dealerships hold a "treasure of information" to hackers, according to a 2023 article from insurance company Zurich North America.

"In addition, dealership systems are often interconnected to external interfaces and portals, such as external service providers," the report reads. And many dealerships "lack basic cyber security protections."

This article originally appeared on USA TODAY: CDK outage: Car dealerships' software shut down after cyberattack