CDK Global cyberattack cripples 15,000 US auto dealerships
CDK Global, a software-as-a-service (SaaS) provider for car dealers and auto equipment manufacturers, has suffered a cyberattack that has temporarily disrupted its customers’ operations.
About CDK and its platform
CDK’s platform is used by 15,000+ car dealerships across North America to manage their sales, customer relationships, financing, inventory, customer support, and other aspects of their day-to-day operations.
The customers use locally installed apps to access the CDK platform, and round-the-clock access to the platform and CDK data centers is made possible via a cloud-based SD-WAN and a VPN solution.
CDK notifies customers of cyberattack (twice)
The first attack apparently started on the night of June 18th (Tuesday).
While CDK has yet to release an official statement on its website and social media accounts, its customers have been contacted and provided with preliminary information and instructions on what to do.
According to the customer communiqués that have been shared on Reddit, the company is still describing it as a cyber incident.
CDK reacted by shutting down its systems as a matter of precaution, advising customers to shut down access to their dealer management system (DMS), and calling in third-party cybersecurity experts to help with the investigation and remediation.
“With the work done, we are confident the CDK Phones, DMS and Digital Retail have been restored. Both Unify and DMS direct login access are available. We are continuing to conduct extensive tests on all other applications, and we will be providing updates as we bring those applications back online,” the company explained.
They later followed up with an update saying that they experienced an additional cyber incident late in the evening on June 19th, and have again shut down most of their systems.
“We are currently assessing the overall impact and consulting with external 3rd party experts. At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available at a minimum on Thursday, June 20th,” they said.
“As of now, our Customer Care channels for support remain unavailable as a precautionary measure to maintain security. It is a high priority to reinstate these services as soon as possible.”
Whether this was an attack involving the use of ransomware still remains to be seen, but the shutting down of systems and access might be measures to block it from spreading.
UPDATE (June 24, 2024, 05:45 a.m. ET):
Unnamed Bloomberg sources say it was a ransomware attack, that CDK is negotiating the ransom payment with an Eastern European cybercrime group, and that CDK is warning its customers about phishing attempts via phone performed by crooks impersonating CDK associates.
According to the current recorded message available to those calling dedicated CDK phone lines, the company has made some applications available (Digital Retail, Payroll Plus, CDK Phones), but restoration of other services is ongoing (the restoration timeline is still unknown).