Fallout continues from CDK back-to-back cyber attacks

As our readers are aware, CDK Global, a major DMS software provider for dealerships, was hit with back-to-back cyber attacks and experienced an outage that saw the majority of its systems shut down. The situation remains very fluid, as the company tries to restore its systems safely so that dealerships can resume operations. Canadian auto dealer reached out to CDK for the latest update and talked with Canadian dealers about the situation.

In an official statement released this week, CDK Global said that it experienced a cyber incident on June 19. “We promptly launched an investigation with leading third-party experts and notified law enforcement. We have begun the restoration process and are continuing to actively engage with our customers and provide them with alternate ways to conduct business.”

After we published this article Friday June 28, we received an updated statement from CDK. That statement reads: “We are continuing our phased approach to the restoration process. We have successfully brought two small groups of dealers and one large publicly traded dealer group live on the Dealer Management System (DMS). We are also actively working to bring live additional applications—including our Customer Relationship Management (CRM) and Service solutions—and our Customer Care channels. In the meantime, we have created a Dealer Resource Center with commonly used documents and forms to support their sales and service efforts. We understand and share the urgency for our customers to get back to business as usual, and we will continue providing updates as more information is available.”

Another media outlet, CBS MoneyWatch, reported late Wednesday that the company has been able to restore operations to some dealers. A statement they received from CDK provided the update: “We have successfully brought a small initial test group of dealers live on the Dealer Management System (DMS), and once validation is complete we will begin phasing in other dealers.”

In a separate statement, sent to clients this week, CDK advised that their systems might not be back up fully in time for the end of June.

“We want to continue to be as transparent as possible with you. As we communicated yesterday, we are continuing the restoration process of our core applications and are making significant progress. We do feel it’s important to share that we do not believe that we will be able to get all dealers live prior to June 30th. Should you need to make alternate plans for your month-end financial close process, you should do so.”

Some dealerships across North America have been forced to resort to manual and paper-based systems to sell and finance vehicles. AutoCanada, a user of CDK’s information systems — including some that are necessary to support their dealer management system — said in a news release that its dealerships are being impacted. 

“We have not identified any compromise or unauthorized access to our systems,” the company said in a news release. “This incident has had, and is likely to continue to have, a negative impact on the company’s business operations until the relevant systems are fully restored. Our dealerships remain open, and we are continuing to sell and service vehicles, and otherwise serve our customers, through manual and alternative processes.”

AutoCanada said it immediately took precautionary measures to protect its systems. They are also reviewing the situation to see if there is any potential impact.

As the incident remains ongoing, AutoCanada said it has not yet determined the full scope and impact of the event. 

A Global News report, published on June 25, also confirmed that CDK experienced back-to-back cyberattacks. Based on their interview with Tim Reuss, President and CEO of the Canadian Automobile Dealers Association, “hundreds” of dealerships in Canada have been impacted. 

Various media reports say the outage was a “ransom event” and is linked to the Blacksuit ransomware hackers. CDK has approximately 15,000 dealership clients in the United States and Canada.

The owner of a Canadian dealership group that has previously been hit by a cyberattack a few years ago, said the ongoing attack on CDK Global may take weeks to be resolved.

Vaughn Wyant, President and CEO of the Wyant Group, told Canadian auto group two of his 18 stores are affected by the hack because they are using CDK software. He said some of his stores were cyberattacked a few years ago, which resulted in a six-figure ransom payment paid out by the service provider’s insurer.

Wyant said it will be a “miracle” if it can be resolved in two weeks. While he doesn’t have any specific information about the CDK situation, he shared his own experiences of what happened to his operations.

“There are cyber criminals and there’s two types of companies (that will be hit), those who have been hacked and those that will be hacked. It takes time to negotiate the ransom,” he said. “You’ve got to negotiate that. It doesn’t happen overnight. You need lawyers to negotiate (and who) are specifically trained and do this for a living.”

He added that once the ransom figure has been negotiated, the “threat actor” has a process to get the attacked company back online. Wyant said after that the payment has to be arranged, which is done through cryptocurrency, because it can’t be traced. When his company was hacked, he said it was out of business for three weeks.

He surmised his dealership was possibly hacked a few years ago, because somebody in the company stumbled on to the wrong website and opened up a window of opportunity to penetrate.

“Usually it starts internally and spreads from there, and they find a weakness in your system,” said Wyant. “I know what we had to go through just to get to the finish line and it’s frustrating as hell.”

Shahin Alizadeh, owner of the Downtown Auto Group, has been in the automotive business for more than 40 years. He said he has never seen anything like this happen before. 

DAG retails several brands in its Autoplex that were not affected because the company uses another DMS software provider. However an offsite Nissan store that is using CDK was hacked. He said the company has used its virtual private network to allow all types of business to be done online at the Nissan store instead of by hand.

“We’re getting by, but not perfectly,” said Alizadeh. “It’s painful, but we’re not as crippled as would be if we had our entire platform with CDK.”

OpenRoad, which has had some of its stores impacted, posted a notice on its website to indicate all of the stores are open for sales and service by booking online.

The notice said customers with existing service appointments at certain OpenRoad locations may experience longer than usual wait times due to the CDK system disruptions. The notice also said all personal data will be safe. It concluded by saying the company’s “top priority” is ensuring the safety of its customers, and that includes the integrity of customer data and privacy.

The media coverage of the outage has been widespread, well outside of the automotive press and into the mainstream media. LinkedIn is also ablaze with commentary, and posts from dealers and other industry observers about the outage and what it means for the company and the industry. 

David Spisak, an American-based automotive consultant, posted on LinkedIn he had empathy for the 15,000 dealers across North America.

“Listen, no one wanted this to happen and no one would want to be in CDK’s shoes right now as they struggle to get their systems back online, and then they have to deal with the aftermath of the multiple cyber incidents,” Spisak wrote in his post. “It is important to also say that we can trust in the fact that every associate at CDK wants their dealers to get back online as quickly as possible.”

“This is a sobering moment that, while technology is great and can be an asset, any and every company, including dealerships, can be hit by these types of cyber incidents at any time.”

DAS Tech is an automotive tech company waiving subscription fee for dealers impacted by DMS/CRM outages.

Hayley Ringle, Director of Communications and Culture at DAS Tech, emailed Canadian auto dealer to indicate that within hours of the cyberattack her company offered new features to current clients at no additional cost to allow them to route leads and communications around non-functioning CRM and DMS systems. 

“We are always ready to pivot to help dealers with any challenges,” wrote Ringle.

Jay Vijayan, Founder and CEO of Tekion, posted on LinkedIn that dealers are showing incredible resilience, coming together to find alternative solutions. “We salute their resourcefulness and stand by them to support in any meaningful way we can,” posted Vijayan. 

He also wrote that Tekion is committed to assisting dealers.

“We researched many solution options and feel that while this is one aspect of the business, it is an important one that can provide quick and meaningful relief for dealers to sell cars. We are providing free access to our tax, title and license solution, Tekion Digital Processing to all affected dealers.”

Other DMS vendors like Reynolds and Reynolds have also offered support to dealers who are struggling to continue operating without access to their DMS systems.

Related Articles
Share via
Copy link