Fraud Management & Cybercrime , Incident & Breach Response , Ransomware

Auto Dealers Plan July Fourth Comeback After CDK Cyberattack

Dealership Software Firm Continues Restoration Process Amid Fallout and Lawsuits
Auto Dealers Plan July Fourth Comeback After CDK Cyberattack
CDK has described the incident as a "cyber ransom event." (Image: Shutterstock)

Auto dealerships across the United States and Canada that are still reeling from a major cyberattack that crippled their systems are expected to be back online by July Fourth, just in time for the holiday sales rush, according to CDK Global.

See Also: Gartner Guide for Digital Forensics and Incident Response

The dealership software solutions company confirmed that all car dealerships will have their systems restored by early Thursday morning after a June cyberattack forced a complete shutdown of the company's dealer management system. A spokesperson for the back-end software provider, which supplies services to thousands of auto dealerships throughout North America, previously told Information Security Media Group the firm expected the restoration process would "take several days to complete" (see: CDK Begins Restoring Systems Amid Ransomware Payment Reports).

CDK declined to provide further details about an investigation into multiple cyber incidents that forced many auto dealerships to resort to traditional forms of record-keeping and manual paperwork. The company said it was "continuing to actively engage with our customers and provide them with alternate ways to conduct business" after the apparent cyberattacks.

Reports indicate that CDK was considering paying tens of millions in ransom to a hacking group called BlackSuit, which has since claimed responsibility for the incident, though the company has not confirmed whether it was in communication with the group. Automakers have reported slower sales growth in the second quarter of the year amid continued fallout from the software outages.

The company said in a Monday statement that it was continuing a "phased approach" to the restoration process and "rapidly bringing dealers live on the dealer management system."

"We anticipate all dealers' connections will be live by late Wednesday, July 3 or early morning Thursday, July 4," the statement says.

Approximately 15,000 car dealerships in the U.S. and Canada use CDK Global systems to handle records and sensitive data, including communications and negotiated deals. Estimates - including one from the consulting firm Anderson Economic Group - say the CDK cyberattacks could result in $1 billion in losses for affected dealers if the management system remains shut down through the July Fourth holiday weekend.

Another analysis from J.P. Morgan says publicly traded auto dealer groups could see a hit of up to 10% on earnings per share.

A flurry of dealerships and consumers have brought federal lawsuits against the software provider over the June 18 data breach, which CDK has since described as a "cyber ransom event." They include a lawsuit filed by Jay Kay Collision Center in the U.S. District Court for the Northern District of Illinois, claiming the system shutdown complicated its operations, and one filed in the U.S. District Court for the Southern District of Florida that seeks class action status for a Florida-based sports car shop and a Georgia-based Chevrolet dealership.

CDK said in its 2023 report that only a slim majority of car dealers are confident in their cybersecurity posture. It also said that email phishing, lack of employee awareness, and ransomware are the top three threats facing the industry.

"Protecting your data to avoid IT-related business interruptions, ransom demands and reputation damage has never been more important," the report says.


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.