In an already tense car dealership market, a major disruption has emerged. CDK Global, a leading provider of cloud-based data storage and software for the car dealership industry, recently disclosed a significant cyberattack on its systems. This breach could potentially extend wait times for vehicle servicing and beyond. Bloomberg revealed on June 24 that CDK Global might be negotiating a ransom with a hacker group identified by Bleeping Computer. Penske Auto Group has confirmed that its Premier Truck Group is affected by the attack. Additional details will be provided as the story unfolds.

Details of the Cyberattack

According to USA Today, CDK Global experienced a cyberattack on June 19, which continued to affect its software and data services the following day. This incident follows another cybersecurity attack on Findlay Auto Group, a large auto retailer in the southwest, reported by the Las Vegas Review-Journal.

Widespread Impact

CDK Global provides essential software and cloud-based data storage services to nearly 15,000 dealership locations, including digital retail, financial software, marketing, and customer data management. Despite offering IT and cybersecurity solutions, the company fell victim to a cyberattack that exposed the vulnerabilities of automotive dealerships. The exact number of affected dealerships remains unclear, but given CDK’s extensive client base, the impact is likely widespread.

CDK Global’s Response

Lisa Finney, CDK Global’s senior manager of external communications, stated, “Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems. In partnership with third-party experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible.” CDK’s core Dealer Management System (DMS) and Digital Retailing solutions have been restored, prioritizing customer security.

Ransom Demands and Hacker Group Involvement

Bloomberg reported that the attack on CDK Global is a ransomware incident, with the ransom amount potentially in the “tens of millions of dollars.” Hackers are reportedly contacting CDK’s customers, posing as company representatives to gain system access. The hacker group “BlackSuit,” previously known as “Royal Ransomware,” is suspected to be behind the attack, with a history of high-profile cyberattacks, including one on the City of Dallas.

Broader Implications

The ransomware attack has far-reaching consequences beyond new car dealerships. Independent shops and collision service centers are also experiencing delays in obtaining OEM repair parts due to CDK Global’s system shutdown. Other software-as-a-service providers have blocked automated ordering to dealerships using CDK. Dealerships are resorting to insecure pen-and-paper solutions, which may expose them to traditional identity theft tactics and affect commission payments to sales staff. Customers are facing delays in vehicle registration at DMVs due to appointment backlogs.

Economic Impact

The shutdown of 15,000 dealerships could significantly impact the U.S. economy. Car dealerships accounted for 17 percent of all retail sales in May, equating to $122 billion. A 10-day disruption could result in losses between $4 billion and $16 billion, potentially depressing total U.S. retail sales by 2.3 percent and reducing Q2 GDP growth by a full percentage point.

Advice for Customers

Customers are advised to monitor their financial records closely and consider credit monitoring services or freezing their credit to prevent new accounts from being opened fraudulently. Until CDK provides more details on the breach, it is prudent to remain vigilant. Dealership operations may be temporarily halted, so contacting local dealers before visiting is recommended.

Updates will follow as more information becomes available from CDK Global and affected parties.