A significant cyberattack has disrupted the operations of thousands of auto dealerships across the United States and Canada, shutting down their computer systems and leaving many without essential services.
According to CBS, the breach has impacted CDK Global, a major data provider for around 15,000 auto dealers, including those under the General Motors (GM) umbrella. CDK Global has labeled the incident a “cyber incident” and is actively working to restore full service. While some systems have been brought back online by Wednesday evening, the timeline for complete restoration remains unclear.
Dealerships were first notified of the cyberattack around 2 a.m. Eastern Time, followed by a detailed update at 8 a.m. confirming the incident and outlining the shutdown. This alert was disseminated to all dealerships subscribed to CDK’s critical alerts system.
The alert from CDK Global reads: “Dear Valued Customers, we are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems. We are currently assessing the overall impact and currently have no ETA. Please know our teams are working hard to get everything up and running, and we will update as information is available. Sincerely, CDK Customer Care”
CDK Global is a leading provider of integrated data and technology solutions to the automotive retail industry. Their services include dealer management systems, digital marketing, and software solutions aimed at enhancing dealership efficiency and customer engagement.
Dealerships affected by the outage have expressed their frustration on CDK Global’s corporate Facebook page: “CDK Global… you have 15,000 dealerships in your roster and an entire workday has now passed yet you haven’t posted a status update to address the recent cyberattack that has brought your clients to their knees. Not a good look, especially in the auto industry,” wrote Michael Johnson. “Costing us money every minute it’s down…old school pen and paper and hope for the best,” added Nick Sherman.
CDK Global has confirmed it is making progress on resolving the issue. “With the work done so far, our core dealer management system and Digital Retailing solutions have been restored. We are continuing to conduct extensive tests on all other applications and will provide updates as we bring those applications back online,” CDK stated to CBS MoneyWatch.
At the same time the cyberattack is rather ironic, as in 2021 CDK Global released an entire report about cybersecurity at auto dealerships. “Your network and internet connectivity are the backbone of your dealership. These critical systems and pipelines must be secure for you to do business and satisfy your customers on a daily basis. Some dealers believe that security isn’t important because it doesn’t generate revenue. That is, at best, outdated thinking. While it may be true that cybersecurity isn’t a money maker, there are many successful dealers who would agree that if the computer systems aren’t secure, then everything else will fall apart,” states a part of this report.
The extent of the impact in Canada remains uncertain, but approximately 9% of CDK Global’s clients are Canadian dealerships, indicating a significant number are likely affected.
This incident highlights the vulnerabilities in the digital infrastructure of critical service providers and the ripple effects that such breaches can have on the automotive industry. Dealerships are now grappling with the operational and financial fallout as they await the full restoration of services. And while no company out there can make sure that its cybersecurity is up to the level, this is yet another reminder of the dangers of cybercrime.