Hackers took CDK Global, one of the largest nationwide automotive dealer management software providers, for a joyride last week.
In what is becoming an all-too-common occurrence, a large-scale cyberattack was carried out on a federal holiday – this time putting the brakes on the automotive industry on Juneteenth.
CDK Global, which provides business-critical software to nearly 15,000 dealerships (including all of General Motors’ retail locations), was forced offline on June 19th to investigate a massive cyberattack.
CDK Global provides a vast number of business-critical solutions for dealerships’ front and back office, fixed operations and infrastructure.
With CDK Global offline, auto dealerships across the country were forced to shut down operations for the day, including new sales, inventory management and service centers.
Some dealerships tried to weather the storm with pen and paper: choosing to handwrite contracts, estimate creditworthiness on the spot and endure communication gaps created by inaccessible customer databases.
The hack is also impacting consumers, as service centers and new car deliveries are being delayed.
CDK Global originally announced that some of their core dealership and retail systems were restored later in the day, but, after they experienced an additional cyber incident, they opted to completely shut down their systems until further notice.
While the situation is similar in target and scope to the PLAY ransomware group attack on the 2024 Arnold Clark dealerships, the two don’t seem connected: early reports indicate the BlackSuit ransomware gang is behind the hack and that CDK Global is expected to pay tens of millions in ransom to get back online.
From the consumer side, there are no immediate reports or concerns regarding a data breach, but that doesn’t mean details won’t emerge as the situation unfolds – especially with the amount of financial, personal and business data CDK Global’s systems manage.
For those impacted by the CDK Global hack, there are crucial questions and factors to consider once systems are restored, including watching for scammers posing as CDK, reconciling service work done offline, and verifying staff time entry.
The cyberattack on CDK Global is yet another reminder of how vulnerable businesses can be in an increasingly connected world – as well as of the importance of a strong cybersecurity and third-party risk management program. As in many other large-scale cyberattacks, hackers targeted a third-party software provider to disrupt a vast network of connected users, many of whom were unprepared for the outage.
Perhaps the key takeaway at the moment is that these types of attacks are nothing new but are increasing in frequency and scope with each instance.
It will be interesting to see how the story unfolds and if the true cause of the hack is disclosed, but for now remember that maintaining a robust third-party risk management and cybersecurity program, including a formalized incident response plan, is a key step you can take to be better prepared.
If your organization is impacted by the CDK Global hack, we can help. Contact a member of our Cybersecurity team at [email protected].
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.