NEW YORK – Numerous dealers automobiles North America continues to deal with disruptions that began last week with cyberattacks against a software company widely used in the vehicle sales sector.
CDK Global, a company that supplies software to thousands of car dealerships in the United States and Canada, was hit by two consecutive cyberattacks on Wednesday. This led to a disruption that continues to affect operations.
For car buyers, that led to delays at dealerships or having to fill out forms by hand. There appears to be no end in sight, as CDK said repairs to the system could take “several days.”
On Monday, Group 1 Automotive Inc., a $4 billion vehicle seller, said it was continuing to use “alternative processes” to sell cars.
What is CDK Global?
CDK Global is a major company in the automobile sales industry. The company, based in Hoffman Estates, Illinois, provides software that helps dealers in their daily operations, such as facilitating auto sales, financing, insurance and repairs.
CDK serves more than 15,000 stores in North America, according to the company.
What happened last week?
CDK suffered successive cyberattacks on Wednesday. The company shut down all of its systems as a precaution, spokeswoman Lisa Finney said last week.
“We have begun the restoration process,” Finney said in an update over the weekend, noting that the company had launched an investigation into the “cyber incident” with outside experts and had notified law enforcement.
“Based on the information we have at this time, we anticipate that the process will take several days to complete, and in the interim we continue to welcome customers and give them alternative ways to do business with us,” he added.
In messages to its customers, the company also warned of “bad actors” who are trying to impersonate CDK affiliates to gain access to the system by contacting customers. He asked customers to be extremely cautious about the possibility of phishing.
The incident has the hallmarks of a ransomware attack, where the victim is asked for money in exchange for access to encrypted files. But CDK declined to comment directly, neither denying nor confirming that it had received a demand for money.
Are they still selling cars?
Several major auto companies, including Stellantis, Ford and BMW, confirmed last week that the CDK outage had affected some of their dealerships, but that sales operations continue.
In light of the current situation, a Stellantis spokesperson said Friday that many dealerships had switched to manual processes to serve customers. That includes writing orders by hand.
A Ford spokesperson added that the outage may cause “some delays and inconvenience at some dealerships and for some customers.” However, many Ford and Lincoln customers still receive sales and service support through alternative routes used at dealerships.
Group 1 Automotive Inc., which owns 202 auto dealerships, 264 franchises and 42 collision centers in the United States and the United Kingdom, said Monday that the incident has disrupted its applications and business processes at its U.S. operations that rely on CDK dealer systems. The company said it took steps to protect and isolate its systems from the CDK platform.
All Group 1 dealerships in the country will continue to conduct business using alternative processes until CDK dealership systems are available, the company said Monday. Group 1 dealers in the UK do not use CDK dealer systems and are not affected by the incident.
Since many details of the cyberattacks remain unclear, customer privacy is also a priority, especially since little is known about what information may have been compromised this week.
Cybersecurity experts have emphasized that consumers connected to CDK—or an affiliated dealership—should assume their data may have been compromised. Those affected should monitor their credit—or even consider freezing their credit as an additional layer of defense—and be wary of any suspicious phishing messages.
In a statement last week, Mike Stanton, president and CEO of the National Automobile Dealers Association, said that “dealers are very committed to protecting their customers’ information” and were seeking CDK updates to determine the extent of the impact “so that they can respond appropriately.”
Source: AP
