Restoring car dealership services nationwide by Independence Day, according to CDK.
CDK Global, a critical player in the automotive retail supply chain, has been struggling to recover from a ransomware attack perpetrated by the BlackSuit group. The attack, discovered on June 19, used a double-extortion model, encrypting critical CDK data and threatening to leak sensitive information unless a ransom was paid.
The attack, believed to have infiltrated CDK's infrastructure through phishing emails or stolen credentials, caused widespread outages for approximately 15,000 North American car dealerships, affecting CDK’s Dealer Management System and other services.
In the aftermath, five major car dealers – Sonic Automotive, Penske Automotive Group, AutoNation, Group 1 Automotive, and Lithia Motors – filed cyber incident disclosures with the Securities and Exchange Commission, warning investors of negative impacts on business operations.
CDK has paid around $25 million in Bitcoin to regain control of its systems, according to reports. However, the company has repeatedly declined to answer questions about its recovery timeline and the nature of the attack.
The restoration of CDK's Dealer Management System is nearly complete, but the restoration of other services including the customer relationship management platform is ongoing. Initial service restoration efforts began on June 23, 2024, shortly after the ransom was paid. CDK initially stated that full restoration would not be completed before June 30, 2024, but by July 4, 2024, access for nearly all dealers had been restored.
CDK expects to restore access to its cloud-based system for all dealerships by late July 3 or early July 4. However, the timeline for when other services will be brought online remains unspecified.
The disruption has caused significant challenges for car dealers across North America, potentially impacting those anticipating elevated sales activity during the Fourth of July holiday weekend. CDK has restored its customer care channels and will notify dealers when they can regain access to the Dealer Management System through its dealer resource portal.
As the end of the disruption is in sight, car dealers can look forward to a return to normal operations, marking the end of a challenging period.
- The cybersecurity incident at CDK Global, a major player in the automotive retail industry, has highlighted the critical role of cybersecurity in the finance and transportation sectors, raising concerns about the security of other companies' digital infrastructure.
- The ransomware attack on CDK Global, which infiltrated its network through suspected phishing emails or stolen credentials, affected not only its Dealer Management System but also other services, causing widespread disruptions for North American car dealers.
- As the restoration of CDK Global's cloud-based system nears, the technology industry will closely monitor the recovery progress of this critical player in the automotive retail supply chain, with potential implications for cybersecurity practices across various industries.
