Car Dealers Grapple With Dayslong Software Outage After CDK Cyberattack

car dealers grapple with dayslong software outage after cdk cyberattack

A cyberattack that has forced car dealerships around the U.S. to use pen and paper to sell cars is expected to continue for several days.

CDK Global, the company behind the software, told dealerships in a message that it had two cyber incidents Wednesday and that it took down its software out of caution to protect customer information.

A CDK spokeswoman declined to comment further. It wasn’t immediately clear who or what group was behind the cyberattacks.

Nearly 15,000 dealers use CDK’s software to manage their sales, payroll and general office operations, according to the company’s website. The system has been down since the incidents, disrupting how dealerships sell and repair cars.

Analysts at JPMorgan Chase said in a note Friday that many dealerships are dealing with the outage by writing out car sales and terms on paper. Dealerships may lose money on repairs, the analysts said, since customers may go to a dealership that doesn’t use CDK to get their car fixed more quickly.

Auto dealerships were a $1.2 trillion industry in the U.S. last year, according to the National Automobile Dealers Association.

The association, which represents more than 16,000 car dealerships, said Friday that its members have been reaching out to CDK to determine “the nature and scope of the cyber incident so they can respond appropriately.”

Shares of auto dealers have taken a hit over the past few days. AutoNation dropped more than 4% over the past two days. Others, including Lithia Motors and Sonic Automotive, also fell.

The hack on a major supplier to car dealerships highlights a common weak point in companies’ cybersecurity programs. Even if a company secures its own technology systems, they may still be vulnerable if one of their suppliers is attacked.

car dealers grapple with dayslong software outage after cdk cyberattack

In some cases, hackers use an entry point into a supplier to attack several companies at once. Thousands of companies were hit by a cyberattack last year on MoveIt, a file-transfer tool from Progress Software.

High-profile supply chain hacks on a widely used service provider show how dramatic the effects can be on its customers. A ransomware attack in February on UnitedHealth Group’s Change Healthcare unit, which operates the largest U.S. clearinghouse for health-insurance billing, cut off revenue to medical providers and forced some to furlough staff.

“The supply chain in so many sectors is so fragile,” said Charles Carmakal, chief technology officer with Mandiant, a subsidiary of Google Cloud that investigates ransomware infections.

In recent months, law enforcement authorities have tried to disrupt ransomware operators by seizing control of some of their infrastructure. And while those seizures may have caused pain for the criminals, they haven’t had a big effect on the ransomware problem, investigators say.

One of the groups targeted by authorities, ALPHV, bounced back after its takedown, for example. Months later it was responsible for the Change Healthcare outage.

“Ransomware is like the drug trade,” said Brett Callow, a threat analyst with the security company Emsisoft. “People will always be willing to step up and replace those who are taken out.”

Still, companies are more prepared for ransomware attacks than they used to be, and it is more common for victims to recover their locked-up computer systems without paying a ransom, according to data compiled by ransomware negotiator Coveware. During the first three months of the year, 28% of victims chose to pay a ransom, Coveware said. Five years ago, when the company first started compiling its payment data, 85% of victims paid a ransom. The payment rate has steadily declined since then.

CDK was bought by investment firm Brookfield Business Partners in 2022 in a deal valued at $8.3 billion, including debt.

CDK surveyed dealers on the threat of cyberattacks in a 2023 report, saying it was important for dealerships to protect themselves against such incidents.

“Cybercriminals continue to target dealerships with ever-evolving methods to steal user and client data, from simply stealing passwords to sophisticated phishing schemes,” the report said.

On Friday, CDK warned that people were contacting dealerships and impersonating CDK employees to gain access to their systems.

“CDK associates will not and have not been soliciting access or passwords,” the message said. “Any request should be immediately treated as suspicious.”

Mike Colias and Catherine Stupp contributed to this article.

Write to Joseph Pisani at [email protected], Ryan Felton at [email protected] and Robert McMillan at [email protected]

OTHER NEWS

43 minutes ago

Chelsea to finish top four, Crystal Palace to finish in the top half and Leeds to win the league valued at 18/1 - as the Premier League and Championship kick off next month

43 minutes ago

Man United and Liverpool 'set to battle it out to sign France star on a free transfer'... as Red Devils look to beat their arch-rivals to another target after landing £52m Leny Yoro

43 minutes ago

What the 9 human cases of bird flu in the U.S. so far tell us about the disease

43 minutes ago

UK pay growth slows but likely still too high for Bank of England to keep lid on inflation

43 minutes ago

Michelin-rated restaurant fights back against online blackmailers

43 minutes ago

India taking 'baby steps' to get involved in semiconductor value chain: Goldman Sachs

43 minutes ago

Indianapolis Turning Point: Reddick set to steal regular-season title? What to expect in Indy return?

43 minutes ago

This is what it's like to party in a country on the brink of war

44 minutes ago

Oil and gas regulator rejects reports of govt meddling in North Sea drilling applications

44 minutes ago

Refused to give up first-class seat to child: Online debate erupts

44 minutes ago

Six NFL Quarterbacks Taken In The UFL Draft On Wednesday

44 minutes ago

German coalition approves controversial 2025 budget to boost economy

44 minutes ago

Shady's back: Eminem to perform at Abu Dhabi F1 after-race concert

44 minutes ago

I’ve placed a big bet on this forgotten FTSE 100 share and think I’m onto a winner

44 minutes ago

Motor racing-Magnussen to vacate Haas F1 seat at end of season

44 minutes ago

North Korean Defector to Lead South Korea's Unification Council

44 minutes ago

New Minister wants to form a state-owned water company

44 minutes ago

Manipur Govt launches re-verification drive to curb illegal immigration from Myanmar

48 minutes ago

Revealed: The coronavirus outbreak plan ignored by the government during the pandemic

48 minutes ago

Mystery buyer sets record for most spent at dinosaur auction

48 minutes ago

Charlize Theron explains The Old Guard 2 release delay

48 minutes ago

Man Utd's stance on Matthijs de Ligt transfer emerges after medical completed

48 minutes ago

EU’s von der Leyen vows to fight for democratic, ‘strong’ Europe in bid for second term

48 minutes ago

Wage growth falls back further but continues to outstrip inflation

48 minutes ago

Joe Biden walks slowly off Air Force One after testing positive for Covid

48 minutes ago

Nawazuddin Siddiqui admits he did Rajinikanth’s Petta only for the money, says he feels ‘guilty’ for ‘cheating’ in his performance: ‘Itna saara paisa…’

48 minutes ago

Weather damage estimated to be in excess of R1bn as next storm hits today

48 minutes ago

Huge sale in Dubai: Amazon's Prime Day is underway

48 minutes ago

Here’s how the repo rate impacts your pocket

48 minutes ago

Former Secret Service agent says Trump would-be assassin Thomas Crooks scouted rally spot in advance

48 minutes ago

Bellingham ‘set up’ by senior England players who were ‘happy’ Real Madrid star took media ‘flak’

48 minutes ago

Is this the anti-ageing elixir we've all been waiting for? Scientists reveal whether it could REALLY slow human aging too - as 'supermodel granny' drug that extends lifespan of mice by 25% is created

53 minutes ago

China investigators suspect construction work caused fire that killed 16 people in shopping mall

53 minutes ago

Vietnam's President To Lam becomes caretaker of Communist Party while chief Trong focuses on health

57 minutes ago

Real Madrid fans will 'be made to wait for Kylian Mbappe's debut', with club's new superstar signing set to MISS their pre-season tour of the US

57 minutes ago

FA 'set to interview diverse coaches' in hunt for new England manager - with search for Gareth Southgate's successor the first since introduction of Football Leadership Diversity Code

58 minutes ago

Most intact stegosaurus fossil sold for record $44.6m at auction

58 minutes ago

The Acolyte star Manny Jacinto says he wasn’t surprised by Top Gun cutting all his lines

58 minutes ago

The FOMO over old buildings before they go

58 minutes ago

Mediacorp’s recent redecoration of a conserved bungalow done without necessary approval: URA

ALONGWALKER VIETNAM: Kênh khám phá trải nghiệm của giới trẻ, thế giới du lịch ALONGWALKER INDONESIA: Saluran untuk mengeksplorasi pengalaman para pemuda global