North American auto dealers are still grappling with significant damage caused by a cyberattack that began last week on a company whose software is widely used in the auto retail industry.
CDK Global, a company that provides software to thousands of auto dealers in the United States and Canada, suffered a series of cyberattacks on Wednesday. This resulted in a power outage that continues to impact operations.
For potential car buyers, this means delays at the dealership or handwritten vehicle orders. There is no immediate end in sight, but CDK said it expects the recovery process to take “a few days” to complete.
Group 1 Automotive Inc., the $4 billion auto retailer, said on Monday it was using “alternative processes” to sell cars to customers. Two other dealer chains, Lithia Motors and AutoNation, also revealed they had adopted workarounds to stay afloat.
Here’s what you need to know.
What is CDK Global?
CDK Global is a major player in the automotive sales industry. The company, headquartered in Hoffman Estates, Illinois, outside Chicago, provides software technology to dealers to help them run day-to-day operations, such as facilitating vehicle sales, financing, insurance and repairs.
CDK serves more than 15,000 retail locations in North America, according to the company.
What happened last week?
CDK was hit by a series of cyberattacks on Wednesday. Spokeswoman Lisa Finney said the company shut down all systems out of an abundance of caution after the first attack and then shut down most systems again after the second attack.
“We have begun the recovery process,” Finney said in a weekend update, noting that the company had launched an investigation into the “cyber incident” with third-party experts and notified law enforcement.
She added: “Based on the information we currently have, we expect the process to take several days to complete and during this period we will continue to actively engage with customers and provide them with alternative ways of conducting business.”
In a message to customers, the company also warned of “bad actors” posing as CDK members or affiliates in an attempt to gain access to systems by contacting customers. It urges them to remain vigilant against any attempts at phishing.
The incident had all the hallmarks of a ransomware attack, in which targets were demanded to pay a ransom in order to access encrypted files. But CDK declined to comment directly – neither confirming nor denying whether it had received a ransom demand.
“When you see this type of attack, it almost always ends in a ransomware attack,” said Cliff Steinhauer, director of information security and engagement at the National Cyber Security Alliance. “Unfortunately, we’ve seen this happen again and again, (especially in the past few years). No industry, no organization or software company is immune.
Are the affected dealers still selling cars?
Several major auto companies, including Stellantis, Ford and BMW, confirmed to The Associated Press last week that the CDK outage affected some of their dealers, but sales were continuing.
Given the current situation, a spokesperson for Stellantis said Friday that many dealers have turned to manual processes to serve customers. This includes handwritten orders.
A Ford spokesman added that the outage may “cause some delays and inconvenience to some dealers and some customers.” However, many Ford and Lincoln customers still receive sales and service support through alternative channels used by dealers.
“Those who have lived longer — you know, people like me who maybe have a little salt in their hair — we remember how Doing it in front of a computer “just takes a few more steps, a little more time. “
While affected Hawk Auto dealers are still able to serve customers by going “back to basics,” Crane added that those working in administrative jobs are still “crazy.” He noted that there are now piles of paper waiting to be processed, rather than orders being automatically processed overnight on a computer.
Group 1 Automotive Inc. said Monday that the incident disrupted business applications and processes in its U.S. operations that rely on CDK dealer systems. The company said it has taken steps to secure its systems and isolate them from the CDK platform.
Lithia Motors and AutoNation disclosed in regulatory filings that last week’s incident at CDK also disrupted their operations.
Lithia said it initiated cyber incident response procedures, which included “disconnecting business services between the company’s systems and CDK.” AutoNation said it has also taken steps to protect its systems and data, adding that all of its locations remain open “albeit at a lower level of productivity” as many locations are providing services manually or through alternative processes.
How do I protect myself?
With many details of the cyberattack still unclear, customer privacy is also top of mind — especially this week when so little is known about what information may have been compromised.
If you buy a car from a dealer that uses CDK software, cybersecurity experts stress it’s important to assume that your data may have been compromised. Steinhauer noted that this could include “fairly sensitive information,” such as your Social Security number, work experience, income and current or previous addresses.
Those affected should monitor their credit—or even freeze their credit as an extra layer of defense—and consider signing up for identity theft monitoring insurance. You also need to be wary of any phishing attempts. For example, it’s a good idea to make sure you have reliable contact information for the company by visiting the company’s official website, as scammers sometimes try to gain your trust through similar emails or phone calls using news about data breaches.
Steinhauer says these best practices are important to keep in mind whether you’re a victim of a CDK breach or not. “Unfortunately, in this day and age, our data is a valuable target – you have to make sure you’re taking steps to protect it,” he said.
