Car Dealerships Disrupted by Pair of Cyberattacks

Attacks Focused on CDK Global, a Company That Provides Software for Thousands of Auto Dealers in US, Canada
Vehicles at dealer lot
Vehicles sit in a row outside a dealership June 2 in Lone Tree, Colo. (David Zalubowski/Associated Press)

[Stay on top of transportation news: Get TTNews in your inbox.]

NEW YORK — Car dealerships in North America continue to wrestle with major disruptions that started last week with cyberattacks on a software company used widely in the auto retail sales sector.

CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks June 19. That led to an outage that has continued to impact operations.

For prospective car buyers, that's meant delays at dealerships or vehicle orders written up by hand. There's no immediate end in sight, with CDK saying it expects the restoration process to take “several days” to complete.

On June 24, Group 1 Automotive Inc., a $4 billion automotive retailer, said that it continued to use “alternative processes” to sell cars to its customers.

Here is what you need to know.

What Is CDK Global?

CDK Global is a major player in the auto sales industry. The company, based just outside Chicago in Hoffman Estates, Ill., provides software technology to dealers that helps with day-to-day operations — like facilitating vehicle sales, financing, insurance and repairs.

CDK serves more than 15,000 retail locations across North America, according to the company.

What Happened Last Week?

CDK experienced back-to-back cyberattacks June 19. The company shut down all of its systems out of an abundance of caution, spokesperson Lisa Finney said last week.

“We have begun the restoration process," Finney said in an update over the weekend — noting that the company had launched an investigation into the “cyber incident” with third-party experts and notified law enforcement.


Corey Cox of the Tandet Group of companies discusses how early AI adopters are beginning to harvest the latest wave. Tune in above or by going to  

“Based on the information we have at this time, we anticipate that the process will take several days to complete, and in the interim we are continuing to actively engage with our customers and provide them with alternate ways to conduct business,” she added.

In messages to its customers, the company has also warned of “bad actors” posing as members or affiliates of CDK to try to obtain system access by contacting customers. It urged them to be cautious of any attempted phishing.

The incident bore all the hallmarks of a ransomware attack, in which targets are asked to pay a ransom to access encrypted files. But CDK declined to comment directly — neither confirming nor denying if it had received a ransom demand.

RELATED: Social Engineering Cyberattacks on the Rise

Are Impacted Dealerships Still Selling Cars?

Several major auto companies — including Stellantis, Ford and BMW — confirmed to AP last week that the CDK outage had impacted some of their dealers but that sales operations continue.

In light of the ongoing situation, a spokesperson for Stellantis said June 21 that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand.

A Ford spokesperson added that the outage may cause “some delays and inconveniences at some dealers and for some customers.” However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.

Group 1 Automotive, which owns 202 automotive dealerships, 264 franchises and 42 collision centers in the U.S. and the United Kingdom, said June 24 that the incident has disrupted its business applications and processes in its U.S. operations that rely on CDK’s dealers’ systems. The company said it took measures to protect and isolate its systems from CDK’s platform.

All Group 1 U.S. dealerships will continue to conduct business using alternative processes until CDK’s dealers’ systems are available, the company said June 24. Group 1’s dealerships in the U.K. don't use CDK’s dealers’ systems and are not impacted by the incident.

Want more news? Listen to today's daily briefing above or go here for more info

With many details of the cyberattacks still unclear, customer privacy is also at top of mind — especially with little known about what information may have been compromised.

Cybersecurity experts have stressed that consumers connected to CDK (or a CDK-affilated dealership) should assume that their data may have been breached. Those impacted should monitor their credit — or even consider freezing their credit as an added layer of defense — and be wary of any suspicious phishing messages.

In a statement last week, Mike Stanton, president and CEO of the National Automobile Dealers Association, said, “Dealers are very committed to protecting their customer information" and were seeking updates from CDK to determine the scope of impact "so they can respond appropriately.”