The Impact of the CDK Dealer Management Systems Cyber Attack
CDK Global LLC, a large provider of cloud-based data storage and software for the car dealership industry in North America and Europe, has been dealing with the aftermath of a ransomware attack that has disrupted its services and systems for more than 3 weeks now.
On June 18th, ‘black hat’ hackers with BlackSuit were able to infiltrate CDK Dealer Management Systems and demanded a ransom from CDK. This prompted CDK to shut down most of its dealer systems “out of an abundance of caution.” CDK restored some systems that afternoon, but another cyber-attack on the evening of June 19th prompted the company to take the systems offline once again.
The gravity of the event is immense. Approximately 15,000 of the 18,000 new car dealerships in the U.S. use CDK. Large dealer groups, such as Asbury Automotive Group, AutoNation, Group 1 Automotive, Lithia Motors, and Sonic Automotive, all use CDK as the ‘backbone’ of their dealership transactions. CDK provides essential software that helps car dealers manage daily operations, including vehicle sales, financing, insurance, and repairs. This attack has caused major disruptions to the operations of almost all car dealers relying on the company’s services for business. From finance to parts to the service drive, every transaction flows through CDK. Within the first two weeks of the attack and shutdown, the Anderson Economic Group estimated up to $605 million in dealers’ financial losses, and current estimates top $1 billion in potential lost revenue.
After three weeks, CDK has restored the majority of functionality. So far, the company has been named in 8 lawsuits over lost revenue, and more are likely coming. The full details of the attack’s cause remain unknown: CDK has not publicly disclosed which systems were targeted, what vulnerabilities were exploited by the attackers, or the nature of customer data that may have been stolen.
Cyber threats are becoming increasingly common among service organizations and software providers, and the CDK Global cyberattack offers several key takeaways. A strong cyber security framework is essential, encompassing regular security audits, comprehensive employee training in identifying phishing and social engineering attempts, and proactive incident response plans. These plans should include immediate containment, effective communication strategies for stakeholders, and established recovery processes to minimize operational disruptions. Data backup and recovery processes are critical for swift system restoration, and third-party risk management compliance is vital for reducing breaches across interconnected networks. Continuous monitoring and improvement of these measures can help fortify an organization’s defense against cyber threats and help ensure the integrity of its systems and data.
During the CDK shutdown, collision repairers who relied on electronic parts ordering systems other than PartsTrader were negatively impacted. However, dealership parts departments using PartsTrader were able to adapt quickly by manually quoting directly into the PartsTrader marketplace to continue fulfilling OE parts orders. The impact on PartsTrader customers regarding OEM parts quotes was minimal, with only a slight 0.2 reduction in the number of quotes during the CDK shutdown compared to the week prior. This demonstrates the resilience and flexibility of the PartsTrader platform in ensuring that customers were still able to access the parts they needed during this challenging time.