close
close

CDK cyberattack paralyzes car dealerships across the US. Here’s what you need to know.

What to do if you think your personal information has been hacked?


What to do if you think your personal information has been hacked?

03:12

CDK Global, a company that provides software to manage sales and other services to car dealerships across the United States, was hacked, causing the company to temporarily shut down most of its systems.

This effectively prevents about 15,000 car dealerships from making sales. General Motors dealers rely on CDK’s systems, as does Group 1 Automotive, an auto dealership with hundreds of dealerships across the U.S. Holman, with dealerships in eight U.S. states, is another CDK customer.

“We are currently actively investigating a cyber incident,” a CDK spokesperson told CBS News on Wednesday. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything back up and running as quickly as possible.”

Later Wednesday afternoon, CDK announced that some of its systems were operational again after conducting tests and consulting with outside experts.

“The work completed to date has restored our core (merchant management system) and digital retailing solutions. We continue to conduct extensive testing of all other applications and will provide updates as we bring those applications back online,” CDK said in a statement to CBS MoneyWatch.

However, CDK told CBS MoneyWatch on Thursday afternoon that its systems were offline again after the company fell victim to another cyberattack on Wednesday.

“Late in the evening of June 19, another cyber incident occurred and we proactively shut down most of our systems,” the spokesperson said. “Working with outside experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our efforts to restore our services and return our merchants to normal business operations as quickly as possible.”

Calls to a CDK customer hotline consistently received a busy signal, but the company’s automated recording said the outage could impact dealers for days, according to PC Mag. The message told callers: “At this time, we do not have an estimated time frame for resolution and as a result, our dealers’ systems will likely be unavailable for several days,” the publication reported.

The number of cyberattacks has increased in the last year. According to a new study by data firm SOAX, there were more than 3,200 data breaches in 2023, a 78% increase from the previous year. These breaches affected more than 65 million victims last year, it added.

CDK’s Dealer Management System (DMS) is a hub that allows companies to monitor their operations through a single interface, while the company’s retail tools enable dealers to conduct business online and in showrooms.

What is CDK?

CDK provides dealers with tools to manage payroll, inventory and office operations.

The company also touts its cybersecurity capabilities on its website. “CDK Cybersecurity Solutions offers a three-tier cybersecurity strategy to prevent, protect and respond to cyberattacks so you can defend your dealership,” it says.

When did the cyber attack begin?

The cyberattack on CDK Global began on Tuesday evening, cybersecurity news site Bleeping Computer reported on Wednesday. The 15,000 car dealerships it serves went offline as a result.

As mentioned above, CDK stated that it had fallen victim to another cyberattack on Wednesday evening.

It is currently unknown who or which group is behind the cyber attack.

How do the dealers react?

Some retailers appeared to be getting creative to keep doing business despite the outage. Retailer employees posted on Reddit about the outage on Wednesday, sharing that they had been relying on spreadsheets and sticky notes to sell customers small parts and make repairs, but hadn’t seen much sales.

One employee asked other dealership employees, “How many of you are standing around because your entire store is running on CDK?” under the headline “CDK down,” with users in Wisconsin and Colorado confirming that their dealership transaction systems were offline.