CDK Global, a leading provider of dealership management systems and digital retailing solutions, is grappling with a significant cybersecurity crisis. The company initially shut down its systems Tuesday, June 19 to investigate a “cyber incident,” as spokesperson Lisa Finney reported. Although CDK managed to restore its core systems by Wednesday afternoon, another cyber incident later that evening forced the company to shut down most of its systems again.
Impact on the Automotive Industry
The ongoing shutdown of CDK’s systems is severely impacting the automotive retail industry across the U.S. and Canada. This disruption is particularly damaging during the crucial summer sales season, affecting vehicle sales, financing, and repairs. Major automotive companies, including BMW, Kia, Toyota, and Stellantis, have stepped in to assist dealerships in serving customers during the outage. Ford, for instance, has maintained sales and service support through alternative processes available to its dealers.
In Michigan, Todd Szott, dealer partner at Szott Auto Group in metro Detroit, has kept his stores operational by finding workarounds despite significant challenges. The CVR system, which registers vehicle plates at dealerships and is operated by CDK for the state, remains down. “We can’t do the final paperwork with CDK down, or we can’t do the title work with the CVR system down,” Szott said, noting the severe impact on dealership operations.
Security Concerns and Scams
The cyberattacks on CDK have raised significant security concerns within the DMS business, mirroring similar incidents that have disrupted universities, casinos, financial institutions, and hospitals. It remains unclear what, if any, information the cyber attackers may have accessed. Adding to the challenges, CDK has warned its customers about scammers posing as CDK IT support staff, urging vigilance against phishing attempts and emphasizing that CDK associates will not solicit access or passwords.
According to Mike Stanton, President of NADA, “Dealers are very committed to protecting their customer information and are actively seeking information from CDK to determine the nature and scope of the cyber incident so they can respond appropriately.”
Industry Response
As CDK works to resolve the issues, competitors are stepping in to support affected dealerships. Reynolds and Reynolds President Chris Walsh acknowledged the broader impact on the industry, stating, “Our industry is under attack… it is hurting a lot of dealers and consumers as we enter the peak of summer.” Reynolds and Reynolds is increasing production at its printing facility to provide necessary paper materials and offering its Desking solution at no charge to those using other impacted software like eLead CRM.
Similarly, Tekion CEO Jay Vijayan expressed solidarity with the auto retail community, confirming that Tekion’s platform is operating normally and announcing the suspension of all integrations and data feeds to CDK as a precautionary measure. Tekion is actively working on a technology solution to help affected dealerships maintain business continuity.
Ongoing Efforts and Communication
CDK Global has committed to providing regular updates as the situation evolves. Though disruptive, the company’s proactive measures aim to safeguard customer data and systems from further harm. Meanwhile, the collaborative efforts of industry competitors underscore the shared commitment to supporting dealerships through this challenging period. The situation highlights the critical role that digital systems play in modern automotive retail and the far-reaching consequences when these systems are compromised.
