Approximately 15,000 auto dealers across the U.S. have been impacted by a major “ransom event” at the end of June against CDK Global, a prominent automotive industry software supplier. Dealers depend on their applications for managing tasks such as inventory, sales, financing, and services – this is called a Dealer Management System, or DMS.
According to CBS News, a spokesperson for CDK Global told them that “Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems.”
Immediately, large franchise groups had their cybersecurity teams act on their own end, with some able to conduct business through alternate methods. Some dealerships, however, were completely in the dark for days.
Bloomberg had reported on June 21st that a ransom had been set amounting to “tens of millions of dollars” with CDK intending to pay.
In early July, lawsuits from dealerships began to be filed against CDK Global, alleging CDK’s data security standards weren’t strong enough, or, as one complaint in Illinois stated, “insufficiently protected computer systems.”
The suits allege that CDK did not properly protect the private information of its clients or their customers.
A second suit in Florida states that “This negligence has led to significant breaches affecting countless individuals across the United States who have purchased or serviced a vehicle or work at any business location with their personal data stored and accessible within the CDK systems.”
The recent ransomware attack on CDK Global underscores the vulnerability of the automotive industry and its extensive network of smaller businesses. This incident is a stark reminder of the critical need for robust cybersecurity measures. Proactive steps to safeguard data and protect client relationships are vital in mitigating the consequences of such security breaches.