BlogNews21ST JUN 2024
AuthorSamir Yawar
5 min read
News

CDK Global Cyberattack: 30,000 car dealerships remain down

Twitter
Facebook
WhatsApp
Email
LinkedIn
Feature image for CDK Global multiple breaches post

In a significant blow to the automotive industry, CDK Global, a prominent Software-as-a-Service (SaaS) platform serving car dealerships, experienced a second cyberattack on Wednesday night, just as it was beginning to restore systems from a prior breach.

The CDK Global cyberattack has shut down multiple login systems and IT systems at various car dealerships across the US.

We report on how widespread the CDK Global cyberattack has impacted systems and how the car industry has been impacted.

Details on CDK Global Data Breach


CDK Global, known for its comprehensive suite of applications managing dealership operations such as sales, back office, financing, inventory, and service support, first became aware of the initial breach on Tuesday night. This prompted an immediate shutdown of its data centers, IT systems, and login services to contain the damage.

The initial cyberattack resulted in widespread outages, crippling car dealerships’ ability to conduct normal operations, including vehicle sales and servicing. Despite beginning to restore services by bringing their Unifi modern login service back online, CDK was hit again, necessitating another shutdown late yesterday evening.

CDK Global responds after multiple attacks

CDK Global image

CDK Global announced,

We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th. Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external third-party experts."

Reports say that about 30,000 car dealerships remain down because of the CDK Global cyberattack.

Car dealerships voice concerns over growing security lapses

Brad Holton of Proton Dealership IT, associated with CDK competitor Reynolds and Reynolds, confirmed that all his customers remain affected, with CDK providing scant information about the breach.

This latest incident impacts some of the largest automotive dealers globally, including Penske Automotive Group. Penske reported that its commercial truck dealership, Premier Truck Group, has been significantly disrupted.

A recent update from CDK indicates a targeted restoration date of Friday, June 21. However, industry professionals express concerns that CDK might be rushing the restoration process, potentially increasing the risk to customers. There is fear that CDK may not be thoroughly investigating the scope of the breach before bringing systems back online, which could lead to further cyberattacks and greater data theft risks.

The impact extends beyond dealerships to car buyers and owners. Numerous customers reported being unable to purchase or service vehicles due to system outages, which handle inventory, vehicle registration, and financing through CDK's platform.

When are CDK Global systems expected to be restored?

On June 20, at 1 PM ET, CDK issued a status update stating that they could no longer estimate when systems would be restored, suggesting that the outage might continue for several more days.

"If you are not aware, we experienced an additional cyber incident late in the evening on June 19. We continue to act out of caution, and to protect our customers, we have taken down most of our systems. Do not attempt to access the DMS until we can confirm the system is secure. Digital Retail and CDK phones continue to be functional. At this time, we do not have an estimated time frame for resolution, and therefore our dealers’ systems will likely be unavailable for several days," the update read.

Lisa Finney, a spokesperson for CDK Global, has assured customers that the company is working with third-party experts to restore services swiftly. "In partnership with third-party experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible," she stated.

As the situation unfolds, the automotive industry braces for continued disruptions while CDK Global endeavors to mitigate the impact of these significant cyber incidents.

Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
FAQsFrequently Asked Questions
If you suspect a phishing attempt, do not click on any links or provide any personal information. Report the suspicious message or website to your organization's IT/security team or to the appropriate authorities.