Severe cyberattack paralyzes car dealerships in the USA

The U.S. auto industry was thrown into chaos on Wednesday after one of its leading software suppliers fell victim to a cyberattack.

Hackers broke into CDK Global’s systems late Tuesday night, potentially compromising the confidential financial data of millions of customers.

The software company shut down most of its operations at 2 a.m. Wednesday, leaving 15,000 car dealerships offline and customers angrily demanding an update.

“Our top priority is always the safety of our customers and our actions reflect our commitment to them as a trusted partner,” said CDK spokeswoman Lisa Finney.

Car dealerships use the company’s software to manage vehicle purchases, sales, financing, insurance, repairs and maintenance; customers include General Motors, Group 1 Automotive and Holman.

Finney said the company shut down most of its systems “out of an abundance of caution” and had restored its core document management system and digital retail software by Wednesday afternoon.

“We continue to conduct extensive testing of all other applications and will provide updates as soon as we bring those applications back online,” she added.

Some retailers resorted to sticky notes and hand-drawn charts to stay open.

“We’re already back online in GA,” tweeted one from Marietta at 4:53 p.m.

“We don’t have access to digital offer folders, but we could print out an offer and sell a car.”

“You would have to load everything manually.”

“Why don’t you have local replication so traders can at least perform basic functions?” asked another. “NOT A GOOD LOOK.”

“It affects Michigan, it affects the entire country. They serve about 15,000 dealers, so it’s a big outage for our industry,” said Todd Szott, president of the Detroit Auto Dealers Association.

“And hopefully it will be fixed soon.”

“It looks and feels like a ransomware incident to me,” cybersecurity expert David Derigiotis told Fox News.

“We depend on technology, we depend on software and when there are errors along the entire digital supply chain, there are ripple effects and that is exactly what we are seeing in this example here.”

The attack came just days after a separate hack that took the Findlay Automotive Group offline.

Insurance company Zurich North America warned that car dealerships were a prime target for hackers because they had a “treasure trove of information” in the form of their customers’ loan applications and financial data.

“In addition, retailers’ systems are often networked with external interfaces and portals, such as those of external service providers,” explains Zurich. Many retailers lack “basic protection mechanisms against cybersecurity.”

CDK presented figures showing that cyber hacker attacks on individual car dealerships increased from 15 to 17 percent last year.

The company boasts of offering a “three-tier cybersecurity strategy to prevent, protect against and respond to cyberattacks.”

But after the hack, which brought large parts of the car trade to a standstill, the company was harshly criticized on social media.

“Instead of paying the ransom and preventing the data from being released to the public, they shut everything down and now the data is being sold privately or given away for free and CDK’s reputation is in the trash,” tweeted @RichOffMNQ.

“The worst decision they ever made.”

“This data theft at CDK Global is a prime example of why companies should not use shared services,” said John Marcum.

“This whole #CDK situation is just crazy,” added Sarah Brown. “It’s honestly unbelievable that in 2024, companies aren’t doing their due diligence and investing in high-impact cybersecurity.”

“I really hope CDK is back online tomorrow because everyone has a lot of catching up to do because of this whole thing.”