CDK Global, a major software provider to auto dealerships in the U.S., has been hacked, forcing the company to shut down most of its systems temporarily. This cyberattack effectively halted sales operations at approximately 15,000 car dealerships, including those under General Motors, Group 1 Automotive, and Holman.
“We are actively investigating a cyber incident,” a CDK spokesperson told CBS News. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.”
The hack began on Tuesday evening, as reported by Bleeping Computer, a cybersecurity news site. The disruption has taken the 15,000 car dealerships it serves offline. Although it remains unclear who is behind the cyberattack, CDK has been working with third-party experts to restore its systems.
By Wednesday afternoon, CDK announced that some systems were back online. “With the work done so far, our core dealer management system (DMS) and Digital Retailing solutions have been restored. We continue to conduct extensive tests on all other applications and will provide updates as we bring those applications back online,” CDK said.
However, the company announced today that, “Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems. In partnership with third-party experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible.”
CDK touts its cybersecurity capabilities on its website, highlighting a three-tiered strategy to prevent, protect, and respond to cyberattacks.
Some dealership employees turned to alternative methods to continue operations during the outage. Employees shared on Reddit that they were using spreadsheets and sticky notes to sell small parts and perform repairs, although large transactions were impossible.
The incident underscores the vulnerability of critical systems and the widespread impact a cyberattack can have on business operations. CDK Global continues to work on restoring all functionalities while investigating the source of the attack.