Car dealership management software provider CDK Global was hit by a significant cyberattack that forced the company to take its systems offline, severely impacting thousands of car dealerships across the US that rely on CDK solutions.
What happened in the CDK Cyber Attack?
According to sources familiar with the incident, the cyber attack on CDK Global occurred in the early morning hours of June 19th, causing the company to shut down its IT infrastructure, including data centers, phones, and key applications, around 2 AM to contain the threat.
In a statement to customers, CDK Global acknowledged experiencing a “cyber incident” but provided few additional details.
“We are currently assessing the overall impact and currently have no ETA,” the company said.
Some affected car dealership employees expressed concern that attackers may have been able to leverage CDK’s legacy “always-on” VPN connections into dealer networks. As a precaution, CDK advised dealerships to disconnect these VPNs.
CDK Data Breach Forced Dealers to Revert to Pen and Paper
The outage has led to massive disruption for car dealerships that rely on CDK solutions to manage critical dealership functions. Employees reported being unable to track and order vehicle parts, process new car sales, or provide financing options to customers.
Without access to CDK applications, many dealers resorted to manual “paper and pencil” methods or sent employees home.
One frustrated dealer said on Reddit:
“We are almost to that point… no parts, no ROs, no times… just dead vehicles with nothing to show for them or parts to fix them.”
CDK Cyber Attack Could Be a Ransomware Incident
Cybersecurity experts monitoring the situation said the potential scope and duration of the CDK cyber attack indicated it may have been a ransomware incident. Though unconfirmed by CDK Global, a ransomware attack could explain the need to take systems fully offline and the lack of any recovery timeframe provided.
If ransomware was used, it could take days or weeks for CDK to fully disinfect their environment and bring all applications back online, prolonging the business impact for thousands of car dealers.
Recovery efforts continue as investigation into the CDK Global cyber incident remains ongoing
As of June 20th, CDK Global continued to slowly restore some services while keeping many applications offline pending further testing. In an update to dealerships, the company announced Phone, DMS, and Digital Retail solutions were coming back up but other applications remained down. CDK Global is also continuing to investigate the full scope of the incident but has still not confirmed if ransomware was involved.
The CDK cyber attack is a reminder of the critical role third-party systems and data play in many organizations. While details are limited, the incident shows how vulnerable extended IT environments can be if threat actors are able to penetrate even one cloud provider or managed service.
Because recovery from even temporary outages can take considerable time and resources, the incident underscores the importance of continuity planning, offline data backup policies, and multi-layered cyber defenses for all organizations involved in sharing systems and data.