NEW YORK — Car dealerships across North America have faced major disruptions this week.
CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks on Wednesday. That led to an outage that continued to impact many of their operations on Friday.
For prospective car buyers, that may mean delays at dealerships or vehicle orders written up by hand, with no immediate end in sight. Here’s what you need to know.
CDK Global is a major player in the auto sales industry. The company, based just outside of Chicago in Hoffman Estates, Illinois, provides software technology to dealers that helps with day-today operations — like facilitating vehicle sales, financing, insurance and repairs.
CDK serves more than 15,000 retail locations across North America, according to the company. Whether all of these locations were impacted by this week’s cyberattacks was not immediately clear.
CDK is “actively investigating a cyber incident” and the company shut down all of its systems out of an abundance of caution, spokesperson Lisa Finney said Wednesday.
CDK “executed extensive testing,” consulted third-party experts, and restored its core DMS and Digital Retailing solutions by the afternoon, Finney said in a prepared statement.
CDK experienced another “cyber incident” Wednesday evening, Finney said in a update the following day. “We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible,” she said.
When that will be is still unknown. As of Friday morning, a recorded message from CDK on a hotline detailing updates for its customers said “we do not have an estimated time frame for resolution — and therefore our dealer systems will not be available, likely for several days.” Customer care support channels also remain unavailable, it said.
The message added that the company was aware of “bad actors” posing as members or affiliates of CDK to try to obtain system access by contacting customers. It urged employers to be cautious of any attempted phishing.
Several major auto companies — including Stellantis, Ford and BWM — confirmed to The Associated Press Friday that the CDK outage had impacted some of their dealers, but that sales operations continue.
In light of the ongoing situation, a spokesperson for Stellantis said that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand.
A Ford spokesperson said that the outage may cause “some delays and inconveniences at some dealers and for some customers.” However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.
With many details of the cyberattacks still unknown, customer privacy is also at top of mind — especially with little known about what information may have been compromised this week.
In a statement sent to the AP on Friday, Mike Stanton, president and CEO of the National Automobile Dealers Association said that “dealers are very committed to protecting their customer information and are actively seeking information from CDK to determine the nature and scope of the cyber incident so they can respond appropriately.”
A recent cyberattack on a software supplier has caused a multi-day outage for car dealerships across the country, leaving many businesses unable to operate effectively and causing frustration among customers. The attack, which targeted a popular software provider used by numerous dealerships to manage inventory, sales, and customer information, has highlighted the vulnerability of the automotive industry to cyber threats.
The outage began on Monday morning when dealerships across the country suddenly found themselves unable to access their software systems. This meant that employees were unable to process sales, manage inventory, or access customer information, leading to significant disruptions in day-to-day operations. Some dealerships were forced to resort to manual processes, causing delays and errors in their operations.
The software supplier quickly confirmed that they had been the target of a cyberattack, but provided little information on the nature of the attack or when services would be restored. This lack of transparency only added to the frustration felt by dealerships and their customers, who were left in the dark about when they could expect a resolution.
The impact of the outage was felt not only by dealerships, but also by customers who were unable to complete transactions or access information about their vehicles. Many dealerships rely on their software systems to manage customer relationships and provide timely service, so the outage had a ripple effect on customer satisfaction and loyalty.
Cyberattacks on software suppliers are becoming increasingly common as hackers target vulnerabilities in systems that are used by multiple businesses. In this case, the attack on the software supplier had far-reaching consequences for the automotive industry, highlighting the need for increased cybersecurity measures and vigilance among businesses that rely on third-party software providers.
As dealerships work to recover from the outage and restore normal operations, it serves as a reminder of the importance of having contingency plans in place for cyber incidents. Businesses should regularly review their cybersecurity protocols, ensure that they have backups of critical data, and have a response plan in place in case of an attack.
In the meantime, dealerships affected by the outage are left to deal with the fallout and try to minimize the impact on their operations and customer relationships. The incident serves as a cautionary tale for businesses in all industries about the potential risks of cyberattacks and the importance of being prepared for such threats.
