Car dealerships in North America are still grappling with major disruptions that began last week with cyberattacks on a company whose software is widely used in the auto retail sector.
CDK Global, a company that provides software to thousands of auto dealers in the United States and Canada, was hit with back-to-back cyber attacks on Wednesday. This resulted in an outage that continues to impact operations.
For potential car buyers, this means delays at dealerships or hand-booked vehicle orders. There is no immediate end in sight, but CDK says it expects the recovery process to take “several days.”
On Monday, Group 1 Automotive Inc., a $4 billion auto retailer, said it is using “alternative processes” to sell cars to its customers. Two other dealership chains, Lithia Motors and AutoNation, also said they had implemented workarounds to continue operations.
This is what you need to know.
What is CDK Global?
CDK Global is a major player in the automotive sales industry. The company, based near Chicago in Hoffman Estates, Illinois, provides dealers with software technology that helps with day-to-day operations such as vehicle sales, financing, insurance and repairs.
According to the company, CDK serves more than 15,000 retail locations throughout North America.
What happened last week?
On Wednesday, CDK was hit by a spate of cyber attacks. The company shut down all of its systems after the first attack out of an abundance of caution and then shut down most systems again after the second, spokeswoman Lisa Phinney said.
“We have begun the recovery process,” Finney said in a message over the weekend, noting that the company has launched an investigation into the “cyber incident” with outside experts and has notified law enforcement.
“Based on the information we have at this time, we expect this process to take several days, and in the meantime we continue to actively engage with our customers and provide them with alternative ways to conduct business,” she added.
In messages to its customers, the company also warns of “attackers” posing as CDK members or affiliates to try to gain access to the system by contacting customers. He urged them to be wary of any phishing attempts.
The incident had all the hallmarks of a ransomware attack, in which victims are asked to pay a ransom to gain access to encrypted files. But CDK declined to comment directly, neither confirming nor denying receipt of the ransom demand.
“When you see an attack of this nature, it almost always ends up being a ransomware attack,” Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. “Unfortunately, we see this over and over again, (especially in) the last couple of years. No industry, organization or software company is immune.”
Are the affected dealerships still selling cars?
Several major auto companies, including Stellantis, Ford and BMW, confirmed to The Associated Press last week that the CDK failure had affected some of their dealers, but sales were continuing.
In light of the current situation, a Stellantis spokesperson said Friday that many dealerships have moved to manual customer service processes. This includes writing orders by hand.
A Ford spokesperson added that the outage may cause “some delays and inconvenience for some dealers and some customers.” However, many Ford and Lincoln customers still receive sales and service support through alternate dealership routes.
“People who have been here longer – you know, guys who maybe have a little salt in their hair like me – we remember how to do this before computers,” said John Crane of Hawk Auto Group, Westmont, State. Illinois. dealer operator using CDK. “It’s just a few more steps and a little more time.”
While affected Hawk Auto dealerships are still able to serve customers by “getting back to basics,” Crane added that those in administration are still “pulling their hair out.” He notes that instead of orders being automatically processed overnight on a computer, there are stacks of paperwork waiting to be processed.
Group 1 Automotive Inc. said Monday that the incident disrupted its business applications and processes in its U.S. operations that rely on CDK dealer systems. The company said it has taken measures to secure and isolate its systems from the CDK platform.
Lithia Motors and AutoNation said in regulatory filings that last week’s incident at CDK also disrupted their operations.
Lithia said it activated cyber incident response procedures, which included “disruption of business service connections between the company’s systems and CDK.” AutoNation said it has also taken steps to protect its systems and data, adding that all of its offices remain open, “albeit at a lower capacity” as many are maintained manually or through alternative processes.
HOW CAN I PROTECT MYSELF?
With many details of the cyberattacks still unclear, customer privacy is also a focus — especially since little is known about what information may have been compromised this week.
If you bought a car from a dealer that uses CDK software, cybersecurity experts stress that it’s important to assume your data may have been compromised. This could potentially include “fairly sensitive information,” Steinhauer noted, such as your Social Security number, employment history, income and current or former addresses.
Those affected must monitor their credit—or even freeze their credit as an added layer of protection—and consider signing up for theft detection insurance. You should also be wary of any phishing attempts. It’s best to make sure you have reliable contact information for the company by visiting its official website, for example, as scammers sometimes try to take advantage of news of data breaches to gain your trust through look-alike emails or phone calls.
These are some guidelines to keep in mind whether you are a victim of the CDK data breach or not, Steinhauer said. “Unfortunately, our data is a high-value target these days – and you need to make sure you’re taking steps to protect it,” he said.