CDK system shut down again, after 2nd cyber attack
CDK once again shut its systems down late Wednesday after it discovered a second cyber incident, a statement from the company Thursday morning says.
“In partnership with third-party experts, we are assessing the impact and providing regular updates to our customers,” the statement says. “We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible.”
The company restored its core dealership management system and digital retailing solutions Wednesday afternoon after shutting them down earlier in the day as it investigated a cyber incident, according to previous CDK statements.
CDK provides services to 15,000 dealerships nationwide, according to its website.
“Brad Holton, CEO of Proton Dealership IT, a cybersecurity and IT services firm for car dealerships, told BleepingComputer that the [first] attack caused CDK to take its two data centers offline at approximately 2 AM [Tuesday] night,” a BleepingComputer article says.
BleepingComputer reported Thursday that cybersecurity and IT professionals it talked to felt that CDK was moving too fast at bringing services online, “potentially increasing the risk to its customers.”
“While the outages are significantly impacting the car sales industry, there is concern that CDK is not properly investigating the scope of the breach before bringing servers back online,” BleepingComputer reported. “Not properly mitigating a breach could lead to further cyberattacks, as evidenced by last night’s second breach, and a greater risk of theft of customer data.”
A hotline for CDK support played an automated recording that said the outage could impact dealerships for days, according to PC Mag. Support numbers found on CDK’s website just went to a busy signal mid-day Thursday.
Mike Coding, Jaguar Land Rover Marin master certified parts manager, said disruptions are significant when a DMS goes down.
“From a parts department, we can’t officially quote or invoice any parts,” Coding said in an email. “Auto replenishment type stock replacement orders are halted. Access to look at parts inventory locations is non-existent.”
Coding said these are just a few things impacting daily operations.
“Each store handles things differently,” Coding said. “I am sure some stores just send people home. We are a very savvy parts department. We are here to serve our customers as usual.”
Dealership employees gathered on Reddit to share their horror stories of paper contracting sales or sitting idle with nothing to do. Multiple users said they hadn’t used a paper contract in more than 20 years.
“We have sent home the entire BDC since they have nobody to call and can’t schedule service appointments,” one Reddit user said. “I am manning the phones solo asking people to call back later. Service is dead in the water. We are still selling and showing cars and doing paper contracts. I feel like a caveman. Best of luck to you all.”
MSN reported Wednesday that some dealerships were using spreadsheets and sticky notes to sell customers small parts and make repairs. It said they were avoiding large transactions.
Some auto repair shops have also anecdotally reported to Repairer Driven News that the cyber attacks have impacted more than just dealerships. Parts ordering through other systems that connect to CDK has been impacted, for instance.
CCC confirmed late Thursday that it has disabled integrations it has with the company as a result of the issues impacting CDK.
“CCC customers using CCC Parts and CCC ONE Repair Workflow may receive errors when performing certain actions within CCC ONE, and customers will not be able to receive parts quotes, place orders, or receive invoices from those dealers who utilize CDK,” a statement from CCC says. “We understand the disruption this is causing to customers and have been communicating with them directly. CCC will restore our connection to CDK as soon as CDK systems are available.”
All other CCC systems and CCC ONE will continue to operate as expected outside of the inability to communicate with CDK, the statement says.
A study completed by CDK last year found 17% of dealers had experienced a cyberattack or incident in the previous year.
“Cybercriminals are increasingly targeting auto retailers utilizing sophisticated methods meant to appear from secure and trusted sources. Unfortunately, human error can waylay the best-laid plans and put a dealership at serious risk,” said David LaGreca, CDK Global senior vice president and general manager of IT Solutions, in a 2023 press release. “Employee awareness training should play an integral role in a dealership’s plan to prevent potential cyber threats.”
The release points to research from Coveware that says data theft and extortion have increased drastically in the past four years. It says the average cybercriminal financial payout increased from $44,000 in 2019 to $740,144 in 2023.
A cyberattack can result in an average of 3.4 weeks in downtime for dealers, the release said. It also added that nearly a quarter of impacted auto retailers are unable to retrieve the stolen data.
“Unfortunately, it is no longer a matter of ‘if’ but ‘when’ a cyber breach arises,” LaGreca says in the release. “Having the necessary preventative measures in place, along with a trusted partner to manage IT infrastructure, can help minimize a dealership’s impact when an attack does occur.”
Thirty-two percent of cyberattacks on dealers resulted in information theft and 56% affected sale transactions, the release said. The attacks included theft of customer personally identifiable information 22% of the time and finance and insurance data 22% of the time.
Forty-six of the dealers experienced a negative financial/operation impact from attacks, 69% included employee downtime, 46% included hardware/software replacement and 31% damaged a dealership’s reputation.
CDK’s research found the top threats to be:
- Email phishing scams
- Lack of employee awareness
- Ransomware
- PC virus/malware
- Theft of business data
- Stolen/weak passwords
- Vehicle cyber attacks
The study was conducted in June 2023 with 175 dealership respondents.