A devastating cyberattack on CDK Global has forced the company to shut down most of its systems, impacting operations at more than 15,000 auto dealerships across the United States. CDK Global, a leading provider of software solutions for auto dealerships, faced a massive disruption that began on Tuesday evening, causing significant operational setbacks for its clients, including General Motors, Group 1 Automotive, and Holman.
The cyber incident began late Tuesday and prompted CDK Global to take immediate action to prevent further damage. “We are actively investigating a cyber incident,” a CDK spokesperson told CBS News. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.”
By Wednesday afternoon, CDK Global reported partial restoration of its core Dealer Management System (DMS) and Digital Retailing solutions after conducting extensive tests and consulting with third-party experts. However, many other applications remained offline as the company continued its rigorous testing and recovery efforts.
The attack’s repercussions were felt nationwide, with dealerships unable to conduct regular operations. Employees turned to makeshift solutions such as spreadsheets and sticky notes to handle minor transactions and repairs. Larger transactions, however, were put on hold, causing frustration among staff and potential financial losses for dealerships.
On Reddit, dealership employees shared their experiences, confirming the widespread system outage. “How many of you are standing around because your whole shop runs on CDK?” one user asked, with responses from various states, including Wisconsin and Colorado, confirming the outage’s extensive reach.
While CDK Global has not publicly identified the perpetrators or the exact nature of the attack, there is speculation that it may have been a ransomware attack. BleepingComputer reported that the attack led to CDK taking its two data centers offline to prevent the malware’s spread. Because dealerships connect to CDK’s data centers over an always-on VPN, that configuration raised concerns about potential vulnerabilities in the dealerships’ internal networks.
An IT professional for one dealership revealed that CDK advised disconnecting the always-on VPN as a precaution. Because the CDK software running on dealership devices has administrative privileges, it could have been exploited during the attack.
The attack on CDK Global is not an isolated incident in the auto industry. Just last week, Findlay Auto Group experienced a cyberattack that disrupted its operations across five states. These incidents highlight the growing threat cybercriminals pose to auto dealerships, which hold vast amounts of sensitive customer data.
A 2023 report by CDK Global noted that 17% of surveyed dealerships experienced a cyberattack in the past year, up from 15% the previous year. The attacks often result in significant operational and financial impacts, with 46% of affected dealerships reporting negative consequences.
CDK Global’s priority remains the security and restoration of its services. The company continues to conduct extensive tests on its remaining applications, ensuring they are safe before bringing them back online. “Our first priority is always the security of our customers, and our actions reflect our obligation to them as a trusted partner,” said Lisa Finney, CDK’s senior manager of external communications.
As the automotive industry grapples with this significant disruption, the attack underscores the critical need for robust cybersecurity measures. Dealerships must enhance their security protocols to safeguard against increasingly sophisticated cyber threats, ensuring they can protect sensitive data and maintain operational continuity in the face of future attacks.