Massive CDK Cyberattack Cripples 15,000 Car Dealerships Nationwide

Car dealerships around the country turned to an old-school, pen-and-paper selling process in the wake of a massive cyberattack on CDK Global.

CDK Global is a dealer management system that handles multiple functions of many car dealerships’ business. This platform involves payroll processing, inventory management, customer relations, and office operations. It also enables dealers to follow leads, match buyers with financing and insurance, and process sales. This is a complete car dealership online management platform, which means a cyberattack can truly cripple the car sales market when attacked, which is exactly what happened to many CDK dealership customers.

When did the cyberattack begin?

The cyberattack was detected on Tuesday, June 18. The attack was reported by Bleeping Computer, a cybersecurity news site, reported the problem on Wednesday, June 19. This attack was so complete that it took the 15,000 car dealerships served by CDK offline.

The Tuesday attack was just the beginning of the challenge. A second attack occurred on Wednesday evening. Unfortunately, it’s still unknown who and what group is responsible for these attached.

Currently, dealers are seeing information from CDK to learn the scope of the attack and learn whether any customer information was compromised during this event. Once this information is obtained, dealers can respond to the report.

How are some car dealerships responding to this issue?

In some cases, dealerships reverted to doing business via pen-and-paper, using sticky notes and spreadsheets to handle service and small repair transactions, but not much more. Many dealerships rely so heavily on CDK Global that their entire operation is down. They can’t sell cars and won’t make large transactions that might have to be altered later. This attack is causing serious problems in the automotive industry.

Many dealership employees have posted about the CDK outage on Reddit or shared the issue on other social media sites to help customers understand the delays in processing their purchase requests.

Are cyberattacks on the rise?

It’s become common for most of us to know a friend or family member who has had their personal and private information compromised. Regardless of security measures, this has become part of our world. Unfortunately, corporate cyberattacks are on the rise, with more than 3,200 data breaches in 2023. This was a 78% increase compared to 2022, which means more than 65 million victims could be impacted by these breaches.

This cyberattack could lead to phishing attacks

Although the CDK Global customer support line has been ringing off the hook, to the point of a continuous busy signal, some “bad actors” could pose as support staff and request information from customers. These imposters might try and obtain customer credentials and information, which is a phishing attack which could lead to some customers having bank accounts and personal accounts hacked. CDK has put an automated recording in place to let customers know the outage could impact dealerships for several days.

How can companies protect themselves against cyberattacks?

Customers trust companies to protect their personal information. Buying a car requires some of the most important personal data, including SSN, driver’s license, and banking documents. It’s important that companies take steps to protect their customers. We’ll learn soon if CDK Global protected its customers or if its data was breached.

Here are some ways that companies can protect their customers and themselves against these attacks:

  • Data encryption and backups – It’s still important to ensure data is fully encrypted and backed up to prevent data loss and attacks. The encryption key must be limited to only parties that must have it and can be completely trusted with this information.
  • Regular employee training – Phishing emails are one of the most common ways for hackers to gain access to company information. Regularly training employees to recognize these emails can help keep hackers out.
  • Software and system updates – Many times, the updates provided for systems and software simply offer additional security to add features that can help protect the organization. Make sure all employees update their computer systems regularly.
  • Strong passwords – More than 80% of all organizational data breaches result from the use of weak passwords. Use strong passwords, don’t share them, and change them regularly to keep hackers out.
  • Monitor your vendors– Many companies use third-party vendors for cybersecurity. Make sure your vendor is legitimate and has security in place to keep hackers out of your systems.

This recent cyberattack on CDK Global shows just how reliant we’ve become on computers for nearly everything. It might be a good idea for many companies to have a written backup plan to continue operations in case their computer systems go down.

Leave a Reply