The company, which provides software for thousands of car dealers in the US and Canada, was hit by consecutive cyberattacks, leading to an ongoing outage that has affected operations
Car dealerships across North America are grappling with significant disruptions following cyberattacks on CDK Global, a software company widely used in the auto retail sales sector.
The company, which provides software for thousands of car dealers in the US and Canada, was hit by consecutive cyberattacks last Wednesday, leading to an ongoing outage that has affected operations. This has resulted in delays at dealerships and vehicle orders being manually written up, with no immediate resolution in sight. CDK anticipates the restoration process will take “several days” to complete.
On Monday, Group 1 Automotive Inc. , a $4billion automotive retailer, revealed it was continuing to use “alternative processes” to sell cars to its customers. CDK Global is a key player in the auto sales industry, providing software technology to dealers that assists with daily operations such as facilitating vehicle sales, financing, insurance, and repairs. Based just outside Chicago in Hoffman Estates, Illinois, CDK serves over 15,000 retail locations across North America.
Last Wednesday, CDK experienced consecutive cyberattacks, prompting the company to shut down all of its systems as a precautionary measure, according to spokesperson Lisa Finney. “We have begun the restoration process,” declared Finney, highlighting the companys proactive strides over the weekend. Theyve delved deep into the cyber incident with the aid of external specialists and have kept law enforcement in the loop.
“Based on the information we have at this time, we anticipate that the process will take several days to complete, and in the interim we are continuing to actively engage with our customers and provide them with alternate ways to conduct business,” she added.
Clients have been nudged by the company’s communications, cautioning them against deceitful “bad actors” impersonating CDK representatives, aiming to snag system access by approaching their clients. Phishing vigilance has been recommended. Signs are pointing towards a ransomware strikea type of cyber onslaught where victims are coerced into paying to decrypt their files; however, CDK is tight-lipped about it, neither acknowledging nor denying whether any ransom demands have been made.
Top-tier auto magnates such as Stellantis, Ford, and BMW have verified just last week that CDKs digital disruptions have ripple effects on some of their outlets, yet assurance has been given that car sales push forward. Stellantis, facing the brunt of the circumstances, disclosed on Friday that numerous dealers had reverted to old-school manual methods to cater to their clientele, including the good ol’ pen and paper for taking down orders.
A spokesperson for Ford has warned that the outage may result in “some delays and inconveniences at some dealers and for some customers.” Despite this, many Ford and Lincoln customers are still receiving sales and service support through alternative methods being utilised at dealerships.
Group 1 Automotive Inc. , which owns a total of 202 car dealerships, 264 franchises, and 42 collision centres across the US and the UK, announced on Monday that the incident has disrupted its business applications and processes in its US operations that depend on CDK’s dealer systems.
The company stated that it has taken steps to safeguard and isolate its systems from CDK’s platform. The company confirmed on Monday that all Group 1 US dealerships will continue to operate using alternative processes until CDK’s dealer systems are back online. It was also noted that Group 1’s dealerships in the UK do not use CDK’s dealer systems and therefore have not been affected by the incident.
As many details about the cyberattacks remain unknown, concerns over customer privacy are paramount – particularly given the uncertainty surrounding what information may have been compromised during this week.
Mike Stanton, president and chief executive of the National Automobile Dealers Association, said in a statement that “dealers are very committed to protecting their customer information and are actively seeking information from CDK to determine the nature and scope of the cyber incident so they can respond appropriately.”
