The US auto industry was thrown into chaos on Wednesday after a cyberattack targeted one of its major software suppliers.
Hackers broke into CDK Global’s systems late on Tuesday night, potentially putting the sensitive financial details of millions of customers at risk.
By Wednesday morning, the software company had shut down most of its operations, leaving 15,000 auto retailers offline and customers angrily demanding an update.
“Our first priority is always the safety of our customers, and our actions reflect our obligation to them as a trusted partner,” said CDK spokesperson Lisa Finney.
Dealers use the company’s software to manage vehicle acquisitions, sales, financing, insurance, repairs and maintenance, and its customers include General Motors, Group 1 Automotive and Holman.
General Motors is one of the dealerships using hacked CDK systems
Finney said it shut down most of its systems “out of an abundance of caution” and had restored its central document management system and digital retail software by Wednesday afternoon.
“We continue to conduct extensive testing on all other applications and will provide updates as we bring them back online,” he added.
Some merchants were turning to sticky notes and hand-drawn spreadsheets to stay open.
“We’re back online in GA,” one from Marietta tweeted at 4:53 p.m.
‘We can’t access digital offers, but we can print an offer and sell a car.
“You would have to upload everything manually to do that.”
‘Why don’t they have local replication so that at least the distributors can perform basic functions?’ demanded another. “IT’S NOT A GOOD LOOK.”
“Our first priority is always the safety of our customers, and our actions reflect our obligation to them as a trusted partner,” said CDK spokesperson Lisa Finney.
The attack took place just days after another attack that took Findlay Automotive Group offline.
Insurance company Zurich North America warned that dealerships are a prime target for hackers because they possess a “treasure trove of information” about customers’ credit applications and financial information.
“In addition, dealership systems are often interconnected to external interfaces and portals, such as third-party service providers,” Zurich explained, and many dealerships lack “basic cybersecurity protections.”
CDK presented figures suggesting that hacker attacks on individual car dealerships increased from 15 to 17 percent last year.
It boasts of offering a “three-tier cybersecurity strategy to prevent, protect and respond to cyberattacks.”
But he was criticized on social media after the attack that paralyzed much of the auto retail industry.
“Instead of paying the ransom and not allowing the data to be leaked, they shut everything down and now the data will be sold privately or leaked for free and CDK’s reputation is down the drain,” tweeted @RichOffMNQ.
“Worst decision they’ve ever made.”
“This whole #CDK situation is crazy,” Sarah Brown added. “Honestly, it is mind-boggling that in 2024 companies are not doing their due diligence to invest in high-performing cybersecurity.
“I really hope CDK is back up and running tomorrow, because of the amount of work everyone is going to have to do to catch up on all this stuff.”