Vehicles sit in a row outside a dealership June 2 in Lone Tree, Colo. (David Zalubowski/Associated Press)
[Stay on top of transportation news: Get TTNews in your inbox.]
Car dealerships across North America have faced major disruptions this week.
CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks June 19. That led to an outage that continued to impact many of their operations June 21.
For prospective car buyers, that may mean delays at dealerships or vehicle orders written up by hand, with no immediate end in sight. Here’s what you need to know.
What Is CDK Global?
CDK Global is a major player in the auto sales industry. The company, based just outside Chicago in Hoffman Estates, Ill., provides software technology to dealers that helps with day-to-day operations — like facilitating vehicle sales, financing, insurance and repairs.
CDK serves more than 15,000 retail locations across North America, according to the company. Whether all of these locations were impacted by this week’s cyberattacks was not immediately clear.
What Happened This Week?
CDK is “actively investigating a cyber incident,” and the company shut down all of its systems out of an abundance of caution, spokesperson Lisa Finney said June 19.
RELATED: Social Engineering Cyberattacks on the Rise
CDK “executed extensive testing,” consulted third-party experts, and restored its core DMS and Digital Retailing solutions by that afternoon, Finney said in a prepared statement.
CDK experienced another “cyber incident” that evening, Finney said in a June 20 update. “We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible,” she said.
Corey Cox of the Tandet Group of companies discusses how early AI adopters are beginning to harvest the latest wave. Tune in above or by going to RoadSigns.ttnews.com.
When that will be is still unknown. As of the morning of June 21, a recorded message from CDK on a hotline detailing updates for its customers said “we do not have an estimated time frame for resolution — and therefore our dealer systems will not be available, likely for several days.” Customer care support channels also remain unavailable, it said.
The message added that the company was aware of “bad actors” posing as members or affiliates of CDK to try to obtain system access by contacting customers. It urged employers to be cautious of any attempted phishing.
Are Impacted Dealerships Still Selling Cars?
Several major auto companies — including Stellantis, Ford and BMW — confirmed to the AP on June 21 that the CDK outage had impacted some of their dealers, but that sales operations continue.
In light of the ongoing situation, a spokesperson for Stellantis said many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand.
A Ford spokesperson said the outage may cause “some delays and inconveniences at some dealers and for some customers.” However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.
With many details of the cyberattacks still unclear, customer privacy is also at top of mind — especially with little known about what information may have been compromised this week.
In a statement sent to the AP on June 21, Mike Stanton, president and CEO of the National Automobile Dealers Association, said that “dealers are very committed to protecting their customer information and are actively seeking information from CDK to determine the nature and scope of the cyber incident so they can respond appropriately.”