Are Houston car dealerships disrupted by nationwide cyberattacks?

NEW YORK – A massive cyberattack has hit car dealerships across the country, compromising data and affecting everything from buying new cars to repairing vehicles you already own.

MORE: Car dealerships disrupted by days-long outage after cyberattacks on software vendor

A group of hackers has claimed responsibility for the cyberattack and is demanding millions of dollars in ransom to stop the hacking.

KPRC 2 reporter TJ Parker reached out to some dealerships here in the Houston area, at least one of which was closed Saturday. If you’re planning to visit a dealership, whether to buy a car or have it serviced, you’d better call ahead.

Background

CDK Global, a company that provides software to thousands of car dealerships in the United States and Canada, was hit by back-to-back cyberattacks on Wednesday. This led to an outage that continued to affect many of their operations on Friday.

For potential car buyers, this can mean delays at dealerships or hand-written vehicle orders, with no immediate end in sight. Here’s what you need to know.

What is CDK Global?

CDK Global is a major player in the automobile sales sector. The company, based just outside Chicago in Hoffman Estates, Illinois, provides dealers with software technology that helps them with their daily operations, such as facilitating vehicle sales, financing, insurance and repairs. .

CDK serves more than 15,000 retail locations in North America, according to the company. It was not immediately clear whether all of these sites were affected by this week’s cyberattacks.

What happened this week?

CDK is “actively investigating a cyber incident” and the company has shut down all of its systems out of an abundance of caution, spokeswoman Lisa Finney said Wednesday.

CDK “conducted extensive testing,” consulted with third-party experts and restored its core DMS and digital retail solutions by the afternoon, Finney said in a prepared statement.

CDK experienced another “cyber incident” Wednesday evening, Finney said in an update the next day. “We remain vigilant in our efforts to restore our services and return our dealers to their usual operations as quickly as possible,” she said.

It is still unclear when this will happen. A recorded message from CDK on a hotline detailing updates for its customers Friday morning said “we do not have an estimated time frame for resolution – and therefore our dealer systems will not be available, likely for several days.” . Customer support channels also remain unavailable, it said.

The post added that the company was aware of “bad actors” posing as CDK members or affiliates to try to gain access to the system by contacting customers. He urged employers to be wary of any phishing attempts.

Hackers are targeting auto retail technology and software designed by the company, which plans to pay the ransom. It is unclear how many dealers are affected.

CDK claims to work with more than 15,000 points of sale in North America. While this will impact the auto industry, one cybersecurity expert says these challenges go well beyond that.

“This incident is part of a growing trend of cyberattacks against small and medium-sized businesses across the country,” said Katie Brooks. “This is truly a crime of opportunity and a crime of financial gain. And so, if there’s money involved, there’s a chance it could happen.

Are the affected dealers still selling cars?

Several major automakers – including Stellantis, Ford and BMW – confirmed to The Associated Press on Friday that the CDK outage had affected some of their dealerships, but that sales operations were continuing.

In light of the current situation, a Stellantis spokesperson said many dealers have moved to manual processes to serve their customers. This includes writing orders by hand.

A Ford spokesperson said the outage could cause “delays and inconvenience to some dealers and customers.” However, many Ford and Lincoln customers still receive sales and service assistance through alternative routes used at dealerships.

While many details about the cyberattacks remain unclear, customer privacy is also a priority – especially since little is known about what information may have been compromised this week.

In a statement sent to the AP on Friday, Mike Stanton, president and CEO of the National Automobile Dealers Association, said that “dealers are very committed to protecting their customers’ information and are actively seeking information from CDK to determine the nature and scope of the cyberattack.” incident so that they can respond appropriately.

The Associated Press contributed to this story.