NEW YORK (AP) – North American auto dealers are still grappling with major disruptions that began last week with cyberattacks on a company whose software is widely used in the auto retail sector.
CDK Global, a company that provides software to thousands of car dealers in the US and Canada, was hit by cyber attacks on Wednesday. This led to an outage that has continued to affect operations.
For potential car buyers, this means delays at dealerships or handwritten vehicle orders. There is no immediate end in sight, but CDK says it expects the restoration process to take “several days” to complete.
On Monday, Group 1 Automotive Inc., a $4 billion retailer, said it is using “alternative processes” to sell cars to its customers. Lithia Motors and AutoNation, two other dealer chains, also revealed that they implemented solutions to continue their operations.
Here’s what you need to know.
What is CDK Global?
CDK Global is a major player in the car sales industry. The company, based outside of Chicago in Hoffman Estates, Illinois, provides software technology to dealers that helps with day-to-day operations – such as facilitating vehicle sales, financing, insurance and repairs.
CDK serves more than 15,000 retail locations across North America, according to the company.
What happened last week?
CDK experienced back-to-back cyber attacks on Wednesday. The company shut down all of its systems after the first attack out of an abundance of caution, according to spokeswoman Lisa Finney, and then shut down most systems again after the second attack.
“We have begun the restoration process,” Finney said in an update over the weekend — noting that the company had launched an investigation into the “cyber incident” with third-party experts and notified law enforcement.
“Based on the information we have at this time, we anticipate that the process will take several days to complete, and in the meantime we are continuing to actively engage with our customers and offer them alternative ways of doing business,” she added.
In messages to its customers, the company also warned of “bad actors” posing as CDK members or associates to try to gain access to the system by contacting customers. He urged them to be wary of any phishing attempts.
The incident had all the hallmarks of a ransomware attack, in which targets are asked to pay a ransom to access encrypted files. But CDK declined to comment directly — neither confirming nor denying whether it had received a ransom demand.
“When you see an attack of this type, it almost always ends up being a ransomware attack,” Cliff Steinhauer, director of information security and engagement at the National Cyber Security Alliance. “We see that from time to time unfortunately, (especially in) the last couple of years. No industry and no organization or software company is immune.”
Are affected dealers still selling cars?
Several major auto companies — including Stellantis, Ford and BMW — confirmed to The Associated Press last week that the CDK outage had affected some of their dealers, but that sales operations are continuing.
In light of the ongoing situation, a spokesperson for Stellantis said on Friday that many retailers had switched to manual processes to serve customers. This includes writing orders by hand.
A Ford spokesman added that the outage could cause “some delays and inconvenience at some dealers and for some customers.” However, many Ford and Lincoln customers are still receiving sales and service support through alternative channels used at dealerships.
“People who’ve been around — you know, guys who have maybe a little salt in their hair like me — we remember how to do it before computers,” said John Crane of Hawk Auto Group, a Westmont, Illinois- based sales operator using CDK. “It’s just a few more steps and a little more time.”
Although affected Hawk Auto dealers are still able to serve customers by “getting back to basics,” Crane added that those working in administration are still “pulling our hair out.” He notes that there are now reams of paper waiting to be processed – instead of orders that automatically went through a computer overnight.
Group 1 Automotive Inc. said Monday that the incident has disrupted applications and business processes in its US operations that rely on CDK’s merchant systems. The company said it has taken measures to protect and isolate its systems from the CDK platform.
In regulatory filings, Lithia Motors and AutoNation disclosed that last week’s incident at CDK had disrupted their operations as well.
Lithia said it activated cyber incident response procedures, which included “disrupting business service connections between the company’s systems and CDK.” AutoNation said it also took steps to protect its systems and data, adding that all of its locations remain open “albeit at lower productivity” as many are serviced manually or through alternative processes.
HOW CAN I PROTECT MYSELF?
With many details of the cyber attacks still unclear, customer privacy is also top of mind – especially with little knowledge of what information may have been compromised this week.
If you bought a car from a dealership that uses CDK software, cybersecurity experts point out that it’s important to assume that your data may have been compromised. This could potentially include “quite sensitive information,” Steinhauer noted, such as your social security number, employment history, income and current or former addresses.
Those affected should monitor their credit – or even freeze their credit as an added layer of protection – and consider signing up for theft monitoring insurance. You’ll also want to be wary of any phishing attempts. It’s best to make sure you have reliable contact information for a company by visiting its official website, for example, as scammers sometimes try to take advantage of news of data breaches to gain your trust through similar emails or phone calls. .
These are some best practices to keep in mind whether you’re a victim of a CDK data breach or not, Steinhauer said. “Unfortunately, in this day and age, our data is a valuable target — and you need to make sure you’re taking steps to protect it,” he said.
___
Associated Press writer Mike Householder in Detroit contributed to this report.