NEW YORK — Auto dealers in North America continue to grapple with major disruptions that began last week with a cyber attack on software companies used in the auto retail sales sector.
CDK Global, a company that provides software to thousands of car dealers in the US and Canada, was hit by back-to-back cyber attacks on Wednesday. That caused disruptions that continue to affect operations.
For prospective car buyers, that means delays at the dealership or handwritten vehicle orders. There is no immediate end in sight, with CDK saying it expects the restoration process to take “several days” to complete.
On Monday, Group 1 Automotive Inc., a $4 billion automotive retailer, said it continues to use “alternative processes” to sell cars to customers. Lithia Motors and AutoNation, two other dealership chains, also announced that they are implementing solutions to maintain operations.
Here’s what you need to know.
CDK Global is a major player in the car sales industry. The company, based outside of Chicago in Hoffman Estates, Illinois, provides software technology to dealers that helps with day-to-day operations – such as facilitating vehicle sales, financing, insurance and repairs.
CDK serves more than 15,000 retail locations in North America, according to the company.
CDK suffered back-to-back cyber attacks on Wednesday. The company shut down all systems out of an abundance of caution, spokeswoman Lisa Finney said last week.
“We have begun the restoration process,” Finney said in a weekend update — noting that the company has launched an investigation into the “cyber incident” with third-party experts and notified law enforcement.
“Based on the information we have at this time, we expect that the process will be completed in a few days, and in the meantime we continue to actively engage with our customers and offer alternative ways of doing business,” he added.
In its message to customers, the company also warned “bad actors” who are members or affiliates of CDK to try to gain system access by contacting customers. He urged them to be wary of phishing attempts.
The incident has all the hallmarks of a ransomware attack, where the target is asked to pay a ransom to access encrypted files. But CDK declined to comment directly – neither confirming nor denying that it had received a ransom demand.
Several major car companies – including Stellantis, Ford and BMW – confirmed to The Associated Press last week that the CDK outage affected some dealers, but sales operations continued.
In light of the active situation, a spokesperson for Stellantis said that many dealerships have moved to a manual process to serve customers. That includes writing orders by hand.
A Ford spokesman added that the outage may cause “some delays and inconvenience to some dealers and some customers.” However, many Ford and Lincoln customers still receive sales and service support through alternative routes used at dealerships.
Group 1 Automotive Inc., which has 202 automotive dealerships, 264 franchises, and 42 collision centers in the U.S. and U.K., said Monday that the incident disrupted applications and business processes at its U.S. operations that rely on the CDK dealership system. . The company said it is taking steps to protect and isolate its systems from the CDK platform.
All Group 1 US dealerships will continue to do business using the alternative process until the CDK dealers system is available, the company said on Friday. Group 1 dealers in the UK do not use the CDK dealer system and have not been affected by the incident.
In regulatory filings, Lithia Motors and AutoNation disclosed that last week’s incident at CDK also disrupted their operations.
Lithia said it activated cyber incident response procedures, which included “disconnecting business services between the company’s systems and CDK.” AutoNation said it is also taking steps to protect its systems and data — adding that all locations remain open “despite lower productivity. ,” as many are serviced manually or through alternative processes.
With many details of cyberattacks still unclear, customer privacy is also at the fore – especially those who don’t know what information could be compromised this week.
In a statement last week, Mike Stanton, president and CEO of the National Automobile Dealers Association, said that “dealers are very committed to protecting customer information” and sought an update from CDK to determine the scope of the impact “so we can respond appropriately.”
Cybersecurity experts stress that consumers who connect to CDK (or CDK-affiliated dealers) should consider that their data may have been breached. Those affected should monitor their credit – or even consider a credit freeze as an additional layer of defense – and be on the lookout for suspicious phishing messages.
