A cyberattack on software provider CDK Global disrupted operations at auto dealerships across the United States on Wednesday.
CDK spokeswoman Lisa Finney said the company shut down most of its systems “out of an abundance of caution” for its customers. The company had restored its core document management system and digital retail solutions by Wednesday afternoon.
“We continue to conduct extensive testing on all our other applications and will provide updates as we bring those applications back online,” Finney said in an emailed statement.
Finney declined to answer questions about how many dealerships were affected, but CDK’s website says the company works with more than 15,000 retailers across North America.
What does CDK Global do?
CDK is one of the nation’s leading providers of cloud-based software to dealerships that helps them manage vehicle acquisition, sales, financing, insurance, repairs and maintenance. The company’s website states that it offers a “three-tiered cybersecurity strategy to prevent, protect and respond to cyber attacks.”
Why are car dealerships targets for cyber attacks?
The incident follows a cyberattack last week on Findlay Automotive Group, which operates in five states, which said the attack limited its ability to conduct sales and service operations, the Las Vegas Review-Journal reported.
According to CDK’s 2023 report, cybercriminals are increasingly targeting auto dealerships, with 17% of 175 dealerships surveyed experiencing a cyberattack or incident within the past year, up from 15% the year before. Of these dealerships, 46% said a cyberattack had a negative impact on their finances or operations.
Dealerships are attractive targets because they hold vast amounts of sensitive customer data. From credit applications to customer financial information, dealerships are “a goldmine of information” for hackers, according to a 2023 article from insurer Zurich North America.
“Furthermore, dealer systems are often interconnected with external interfaces and portals, including from external service providers,” the report states, and many dealerships “lack basic cybersecurity protections.”
