A massive cyberattack on CDK Global, a leading software provider for car dealerships in North America, caused widespread disruptions to operations at over 15,000 dealerships across the US and Canada on June 19, 2024. The incident left employees at affected dealerships with nothing to do or forced them to revert back to traditional methods such as paper and pencil.
CDK Global offers a comprehensive SaaS platform that handles all aspects of a car dealership's operation, including CRM, financing, payroll, support and service, inventory management, and back office operations. The company uses two data centers to provide its services to clients.
The exact nature of the cyberattack is currently unknown. Some reports suggest it may have been a ransomware attack that also impacted CDK's backups. Dealerships lack basic cybersecurity protections and have interconnected systems with external interfaces and portals, making them attractive targets for hackers.
The incident follows a similar cyberattack against Findlay Automotive Group last week, which restricted the automotive group's ability to conduct sales and service. A 2023 report from CDK notes that cybercriminals are a growing threat to target car dealerships, with 17% of surveyed dealers experiencing a cyber attack or incident within the past year.
CDK Global uses a three-tiered cybersecurity strategy to prevent, protect and respond to cyberattacks. However, despite these efforts, the company was unable to prevent this massive intrusion. The incident highlights the importance of implementing robust cybersecurity measures and keeping software up-to-date to protect against potential threats.
Car dealerships are a treasure trove of sensitive customer data, including credit applications and financial information. Hackers can use this data for identity theft or sell it on the dark web. Dealerships must prioritize cybersecurity to protect their customers' information and prevent potential financial losses.