Several major car companies, including Ford and BMW, said the outage had impacted some dealers, but that sales operations continued. Photo / David Zalubowski, AP, File
Several major car companies, including Ford and BMW, said the outage had impacted some dealers, but that sales operations continued. Photo / David Zalubowski, AP, File
CDK Global, a company that provides software for thousands of auto dealers in the US and Canada, was hit by back-to-back cyberattacks last Wednesday. That led to an outage that has continued to impact operations.
For prospective car buyers, that’s meant delays at dealerships or vehicle orders written up by hand. There’s no immediate end in sight, but CDK says it expects the restoration process to take “several days” to complete.
On Monday, Group 1 Automotive, a $4b (NZ$6.5b) automotive retailer, said it was using “alternative processes” to sell cars to its customers.
Lithia Motors and AutoNation, two other dealership chains, also disclosed that they implemented workarounds to keep their operations going.
What is CDK Global?
CDK Global is a major player in the auto sales industry.
“CDK is basically our operating system inside our dealerships that does all of our accounting, supports us working with lease payments, cash prices, look up parts, write up repair orders,” car dealer Thad Szott told the Detroit Free Press.
The company, based just outside of Chicago, provides software technology to dealers that helps with day-to-day operations, such as facilitating vehicle sales, financing, insurance and repairs.
CDK serves more than 15,000 retail locations across North America, according to the company.
What happened last week?
CDK experienced back-to-back cyberattacks on Wednesday. The company shut down all of its systems after the first attack out of an abundance of caution, according to spokesperson Lisa Finney, and then shut down most systems again following the second.
“We have begun the restoration process,” Finney said in an update over the weekend.
She said the company launched an investigation into the “cyber incident” with third-party experts and notified law enforcement.
Some people have been urged to consider getting identity theft insurance due to cyberattack and data theft risks. Photo / Lev Dolgachov
“Based on the information we have at this time, we anticipate that the process will take several days to complete, and in the interim we are continuing to actively engage with our customers and provide them with alternate ways to conduct business,” she added.
In messages to customers, the company has also warned of “bad actors” posing as members or affiliates of CDK to try to obtain system access by contacting customers. It urged them to be cautious of any attempted phishing.
The incident bore all the hallmarks of a ransomware attack, in which targets are asked to pay a ransom to access encrypted files.
But CDK declined to comment directly — neither confirming or denying if it had received a ransom demand.
“When you see an attack of this kind, it almost always ends up being a ransomware attack,” Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance.
“We see it time and time again unfortunately, (particularly in) the last couple of years. No industry and no organization or software company is immune.”
Are impacted dealerships still selling cars?
Several major auto companies — including Stellantis, Ford and BMW — told The Associated Press last week that the CDK outage had impacted some of their dealers, but that sales operations continue.
In light of the ongoing situation, a spokesperson for Stellantis said on Friday that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand.
A Ford spokesperson said the outage may cause “some delays and inconveniences at some dealers and for some customers.” However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.
“The people who’ve been around longer — you know, guys who have maybe a little salt in their hair like me — we remember how to do it before the computers,” said John Crane of Hawk Auto Group, a Westmont, Illinois-based dealership operator that uses CDK. “It’s just a few more steps and a little bit more time.”
Vehicles outside a dealership in Colorado. Dealers across North America have faced major disruption since back-to-back cyberattacks hit CDK Global, a company that provides software for thousands of auto dealers in the US and Canada. Photo / David Zalubowski, AP, File
Although impacted, Hawk Auto dealerships are still able to serve customers by “going back to the basics,” and Crane said those working in administration are still “pulling out our hair.”
He said there were stacks of paper awaiting processing — in place of orders that went through automatically on a computer overnight.
AutoNation said it also took steps to protect its systems and data, adding that all of its locations remain open “albeit with lower productivity,” as many are served manually or through alternative processes.
With many details of the cyberattacks still unclear, customer privacy was top of mind — especially with little known about what information may have been compromised this week.
For North American customers who’d bought a car from a dealership using CDK software, cybersecurity experts stressed the importance of assuming data may have been breached.
That could potentially include “pretty sensitive information,” Steinhauer said, such as social security numbers, employment history, income, and current or former addresses.
Those impacted were advised to monitor their credit — or even freeze their credit as an added layer of defence — and consider signing up for identify theft monitor insurance.
