NEW YORK (AP) — Car dealers in North America are still grappling with major disruptions that began last week with cyberattacks on a company whose software is widely used in the auto retail industry.
CDK Global, a company that provides software to thousands of car dealers in the US and Canada, was hit by back-to-back cyber attacks on Wednesday. This led to a disruption that still has consequences for business operations.
For potential car buyers, that meant delays at dealerships or handwritten vehicle orders. There is no immediate end in sight, but CDK says it expects the recovery process to take “several days.”
On Monday, Group 1 Automotive Inc., a $4 billion auto retailer, said it is using “alternative processes” to sell cars to its customers. Lithia Motors and AutoNation, two other dealership chains, also announced that they have implemented solutions to keep their operations running.
Here’s what you need to know.
What is CDK Global?
CDK Global is a major player in the car sales sector. The company, based just outside Chicago in Hoffman Estates, Illinois, provides software technology to dealers that helps with day-to-day operations such as facilitating vehicle sales, financing, insurance and repairs.
According to the company, CDK serves more than 15,000 retail locations in North America.
What happened last week?
CDK faced successive cyber attacks on Wednesday. According to spokesperson Lisa Finney, the company shut down all its systems after the first attack out of an abundance of caution and shut down most systems after the second attack.
“We have begun the remediation process,” Finney said in an update over the weekend, noting that the company had launched an investigation into the “cyber incident” with outside experts and notified law enforcement.
“Based on the information we have at this time, we expect the process to take several days, and in the meantime we continue to actively work with our customers and provide them with alternative ways to do business,” she added.
In messages to its customers, the company has also warned about “bad actors” posing as CDK members or affiliates and attempting to gain system access by contacting customers. They were urged to be cautious of any phishing attempt.
The incident had all the hallmarks of a ransomware attack, where targets are asked to pay a ransom to gain access to encrypted files. But CDK declined to comment directly and neither confirmed nor denied whether a ransom had been demanded.
“When you see an attack like this, it almost always ends in a ransomware attack,” said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. “We unfortunately see it again and again, (especially in) the last few years. No industry and no organization or software company is immune.”
Are the affected dealers still selling cars?
Several major auto companies — including Stellantis, Ford and BMW — confirmed to The Associated Press last week that the CDK outage had affected some of their dealerships, but that sales activity continues.
In light of the ongoing situation, a Stellantis spokesperson said on Friday that many dealers had switched to manual processes to serve customers. That includes writing orders by hand.
A Ford spokesperson added that the outage could cause “some delays and inconveniences at some dealers and for some customers.” However, many Ford and Lincoln customers continue to receive sales and service support through alternative routes used at dealerships.
“The people who have been around longer — you know, guys who maybe have a little salt in their hair like me — remember how to do it before computers,” said John Crane of Hawk Auto Group, a Westmont, Illinois-based dealership using CDK. “It’s just a few more steps and a little more time.”
While affected Hawk Auto dealers are still able to serve customers by “getting back to basics,” Crane added that those working in administration are still “pulling our hair out.” He notes that there are now stacks of paper waiting to be processed – instead of orders automatically processed on a computer overnight.
Group 1 Automotive Inc. said Monday that the incident disrupted its business applications and processes in its U.S. operations, which rely on CDK’s dealer systems. The company said it has taken measures to protect and isolate its systems from the CDK platform.
In regulatory filings, Lithia Motors and AutoNation announced that last week’s incident at CDK had also disrupted their operations.
Lithia said it had activated cyber incident response procedures, including “disconnecting business service connections between the company’s systems and those of CDK.” AutoNation said it has also taken steps to protect its systems and data, adding that all of its locations remain open “albeit at reduced productivity. ,” as many are operated manually or through alternative processes.
HOW CAN I PROTECT MYSELF?
With many details about the cyberattacks still unclear, customer privacy is also paramount, especially as little is known about what information may have been compromised this week.
If you purchased a car from a dealer that uses CDK software, cybersecurity security experts emphasize that it is important to assume that your data may have been compromised. That could potentially include “quite sensitive information,” such as your social security number, employment history, income, and current or former addresses.
Those affected should keep an eye on their credit – or even freeze their credit as an extra layer of defense – and consider signing up for theft insurance. You should also be wary of phishing attempts. It’s best to make sure you have reliable contact information for a company by visiting its official website, for example. Scammers sometimes try to take advantage of data breach news to gain your trust through similar emails or phone calls.
Those are some best practices to keep in mind, whether you’re a victim of the CDK data breach or not, Steinhauer said. “Unfortunately, our data is a high-value target today – and you need to make sure you take steps to protect it,” he said.
___
Associated Press writer Mike Householder in Detroit contributed to this report.