NEW YORK (AP) — Car dealerships across North America are still reeling from major disruptions that began last week with cyberattacks on a company whose software is widely used in the auto retailing sector.
CDK Global, a company that provides software to thousands of auto dealers in the US and Canada, was hit by a series of cyber attacks on Wednesday, causing disruptions in operations that are still affecting.
For prospective car buyers, this means delays at dealerships or hand-written vehicle orders. There's no immediate end in sight, but CDK says it expects the restoration process to take “several days” to complete.
On Monday, $4 billion automotive retailer Group 1 Automotive Inc. said it is using “alternative processes” to sell cars to its customers. Two other dealership chains, Lithia Motors and AutoNation, also revealed they have implemented alternative measures to continue their operations.
Here is what you need to know.
What is CDK Global?
CDK Global is a major player in the auto sales industry. Based in Hoffman Estates, Illinois, just outside Chicago, the company provides dealers with software technology that helps with day-to-day operations — such as facilitating vehicle sales, financing, insurance and repairs.
According to the company, CDK services more than 15,000 retail locations in North America.
What happened last week?
CDK faced two consecutive cyber attacks on Wednesday. According to spokeswoman Lisa Finney, the company shut down all of its systems as a precaution after the first attack, and then shut down most of the systems again after the second attack.
“We have begun the restoration process,” Finney said in an update over the weekend – adding that the company has begun investigating the “cyber incident” with third-party experts and has notified law enforcement.
“Based on the information we have at this time, we anticipate this process will take several days to complete, and in the meantime we will remain actively engaged with our customers and provide them with alternative ways to do business,” he said.
In messages sent to its customers, the company also warned about “bad actors” posing as CDK members or affiliates who try to gain system access by contacting customers. It urged them to be wary of any phishing attempts.
The incident bore all the hallmarks of a ransomware attack, in which targets are asked to pay a ransom to access encrypted files. But CDK declined to comment directly — neither confirming nor denying that it had received a ransom demand.
“When you see an attack like this, it's almost always a ransomware attack,” said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. “Unfortunately, we see this over and over again, (especially) in the last couple of years. No industry and no organization or software company is immune.”
Are the affected dealerships still selling cars?
Several major auto companies — including Stellantis, Ford and BMW — confirmed to The Associated Press last week that some of their dealers were affected by the CDK outage but sales operations were continuing.
Given the current situation, a Stellantis spokesperson said on Friday that many dealerships have adopted a manual process for serving customers. This includes writing down orders by hand.
A Ford spokesperson said the disruption “may cause some delays and inconveniences for some dealers and some customers.” However, many Ford and Lincoln customers are still receiving sales and service support through alternate routes being used at dealerships.
“People who have been in this work a long time — you know, people who maybe have a little salt in their hair like me — we remember how it was done before computers,” said John Crane of Hawk Auto Group, a Westmont, Illinois-based dealership operator that uses CDK. “There's just a few more steps and a little more time.”
While the affected Hawk Auto dealerships are still able to serve customers by “going back to basics,” Crane said those working in administration are still “pulling our hair out.” He said there are now piles of paperwork to process — instead of orders being automatically processed on computers overnight.
Group 1 Automotive Inc. said on Monday that the incident disrupted business applications and processes at its U.S. operations that rely on CDK dealers' systems. The company said it has taken measures to keep its systems secure and isolated from CDK's platform.
Lithia Motors and AutoNation disclosed in regulatory filings that their operations were also disrupted by the incident at CDK last week.
Lithia said it activated cyber incident response procedures, which included “severing business service connections between the company's systems and CDK.” AutoNation said it also took steps to protect its systems and data, adding that all of its locations remain open “with reduced productivity” as many are serviced manually or through alternative processes.
How can I protect myself?
With many details of the cyberattacks still unclear, customer privacy is also a top priority — especially with so little known about what information has been compromised this week.
If you bought a car from a dealership that used CDK software, cybersecurity experts stress that it's important to assume your data may have been breached. Steinhauer said this could potentially include “pretty sensitive information,” such as your Social Security number, employment history, income and current or former address.
Those affected should monitor their credit – or even Freeze their credit Consider signing up for identity theft monitor insurance — and as an extra layer of protection. You should also be wary of any phishing attempts. For example, it's best to visit a company's official website to make sure you have reliable contact information, as scammers sometimes try to take advantage of news about data breaches to gain your trust with similar-looking emails or phone calls.
Steinhauer said these are some best practices you should keep in mind, whether you're a victim of CDK's data breach or not. “Unfortunately, in today's times, our data is a valuable target — and you have to make sure you're taking steps to protect it,” he said.
,
Associated Press writer Mike Householder in Detroit contributed to this report.