CDK Global's cyberattack has significantly impacted multiple automotive service groups in the U.S., causing widespread operational disruptions.
The back to back attacks on CDK Global that occurred earlier this month have affected nearly 15,000 car dealerships across North America, with many large service providers disclosing indirect impact to the authorities.
Background
CDK Global, which serves over 15,000 car dealerships across North America with comprehensive SaaS platforms for CRM, financing, payroll, support, service, inventory, and back-office operations, reported a second cyberattack as it was still recovering from the first.
The initial breach on June 18 had already led CDK to take its data centers offline to prevent further spread, significantly disrupting dealership operations. The second attack compounded these issues, leaving businesses unable to track or order parts, conduct sales, or offer financing, leading to severe economic losses.
Broader impact
Three large automotive service providers in the United States have filed 8-K forms with the Securities and Exchange Commission (SEC) to announce impact since last Friday, and more are expected to follow later today and the upcoming days. The three that have disclosed thus far are:
Penske Automotive Group, headquartered in Bloomfield Hills, Michigan, operates as a leading international transportation services company. The Group runs Premier Truck Group, which uses CDK's dealer management system. This system's disruption forced Premier Truck Group to implement business continuity response plans, continuing operations through manual or alternate processes. Despite these efforts, the disruption has notably affected their service and parts operations.
Group 1 Automotive, based in Houston, Texas, is a Fortune 300 company and one of the largest automotive retail groups in the United States. The company utilizes CDK's dealer systems for managing customer relationships, sales, financing, service, inventory, and back-office operations. Following the attack, Group 1 activated its cyber incident response procedures to protect its systems. Although their U.K. operations were unaffected, U.S. dealerships had to resort to alternative processes to maintain business continuity.
Sonic Automotive, headquartered in Charlotte, North Carolina, is one of the nation's largest automotive retailers, providing comprehensive services across various states. The attack on CDK affected Sonic's dealer management system (DMS) and customer relationship management (CRM) system, which are critical for sales, inventory, and accounting functions. Sonic has taken precautionary steps to protect its systems and is investigating the incident's full impact, yet dealerships remain operational through workaround solutions.
No timeline for restoration
The attacks on CDK have led to significant operational disruptions for dealerships reliant on its SaaS platforms. The inability to access crucial systems has forced many to revert to manual processes, causing delays and inefficiencies. The financial repercussions are substantial as dealerships struggle to conduct sales and service operations. The extended downtime has also strained customer relationships and disrupted the supply chain, leading to potential long-term consequences for the affected businesses.
CDK Global has engaged external third-party experts to assess the impact and assist in restoring normal operations. The company has established dedicated phone lines for updates and has recommended that impacted clients disconnect Always-On VPN connections to prevent potential lateral movement by attackers. Although CDK emphasized its commitment to reinstating normal operations swiftly, no specific timeline has been provided yet, causing more frustration and uncertainty.
A CNN report from Sunday based on a statement directly from a CDK spokesperson suggests that the restoration to normal operations is expected to take several more days, if not more, forcing large car manufacturers like Ford to explore alternative routes that could potentially lessen the impact on the market.
LockBit Ransomware Claims Massive Breach on U.S. Federal Reserve
Leave a Reply