The US auto industry was thrown into chaos on Wednesday after a cyber attack targeted one of its leading software suppliers.
Hackers broke into CDK Global’s systems late Tuesday evening, potentially compromising the sensitive financial data of millions of customers.
The software company had halted most operations by 2 a.m. on Wednesday, leaving 15,000 auto retailers offline and customers angrily demanding an update.
“Our first priority is always the safety of our customers, and our actions reflect our obligation to them as a trusted partner,” said CDK spokeswoman Lisa Finney.
Dealers use the company’s software to manage the purchase, sale, financing, insurance, repair and maintenance of vehicles. Customers include General Motors, Group 1 Automotive and Holman.
General Motors is one of the dealers using the hacked CDK systems
Finney said it shut down most of its systems “out of an abundance of caution” and had restored its core document management system and digital retail software by Wednesday afternoon.
“We continue to conduct extensive testing on all other applications, and we will provide updates as we bring those applications back online,” she added.
Some dealers returned to Post-it notes and hand-drawn spreadsheets to stay open.
“We’re already back online in GA,” Marietta tweeted at 4:53 p.m.
‘We don’t have access to digital deal jackets, but we can print a deal and sell a car.
“That would require me to load everything manually.”
“Our first priority is always the safety of our customers, and our actions reflect our obligation to them as a trusted partner,” said CDK spokeswoman Lisa Finney
“Why don’t you have local replication so that dealers can at least perform basic functions?” asked another. ‘NOT A GOOD LOOK.’
“It’s Michigan, it’s the entire country – about 15,000 dealers they serve, so this is a major disruption in our industry,” said Todd Szott, president of the Detroit Auto Dealers Association.
“And hopefully it will be fixed soon.”
“To me it has all the look and feel of a ransomware event,” cybersecurity expert David Derigiotis told Fox News.
“We depend on technology, we depend on software and if there is a point of failure throughout the digital supply chain it has ripple effects and that’s what we’re seeing here with this exact example.”
The attack occurred just days after a separate hack that pushed Findlay Automotive Group offline.
Insurance company Zurich North America warned that dealerships are a prime target for hackers because they hold a “wealth of information” about customers’ credit applications and financial information.
“Additionally, dealer systems are often connected to external interfaces and portals, such as third-party service providers,” Zurich explains, with many dealers lacking “basic cybersecurity protection.”
CDK released figures showing that attacks by cyber hackers on individual car dealers increased from 15 to 17 percent last year.
It boasts of providing a “three-tiered cybersecurity strategy to prevent, protect, and respond to cyber-attacks.”
But it was roasted on social media after the hack that brought much of the auto retail industry to a standstill.
Customers expressed their anger over CDK’s cybersecurity breach online
“Instead of paying the ransom and not letting the data leak, they shut everything down and now the data is being sold privately or leaked for free and CDK’s reputation is ruined,” @RichOffMNQ tweeted.
“Worst decision they ever made.”
“This CDK Global breach is a good example of why companies shouldn’t use shared services,” John Marcum suggested.
“This whole #CDK situation is just insane,” Sarah Brown added. “It’s frankly baffling that companies aren’t doing their due diligence to invest in heavy cybersecurity in 2024.
‘I really hope CDK will be back tomorrow, because of the amount of work everyone will have to catch up on.’