Car dealerships across hit by massive cyberattack—hackers demand multimillion-dollar ransom.

CDK Global, a software supplier, was hacked, leaving dealership clients wondering whether they would receive support and if their data had been taken.


As if the dealership experience in America wasn’t already stressful enough, it looks that a major provider of cloud-based data storage and software for the automotive sector has been hacked. CDK Global told its customers and the media that a hack had disrupted its services, perhaps leaving you waiting longer for your vehicle to be repaired. However, that may not represent the full extent of the impact. On June 24, Bloomberg discovered that CDK Global may be paying a ransom to a hacking gang identified as Bleeping Computer. Penske Auto Group confirms that its Premier Truck Group is impacted. More information may be found in the story’s original text.


According to USA Today, CDK Global suffered a cyberattack on Wednesday, June 19, which was still disrupting its software and data services the next day, June 20. This incident comes just after Findlay car Group, a big car retailer in the southwest, was subjected to a cybersecurity attack on its data services, according to the Las Vegas Review-Journal.

How Can a Hack on One Group Affect So Many?


According to its website, CDK Global delivers software and cloud-based data storage to automobile dealerships and OEMs. According to its website, CDK Global offers these services to “nearly 15,000 dealer locations” and include digital retail experience, financial software, marketing, and other consumer data. It also provides (ironically, in this case) IT and other cybersecurity solutions for dealers, as bad actors see the automotive industry as an easy way to steal customer financial and identity data from dealerships, which are traditionally not particularly data-hardened despite dealing with a large volume of customer data. So yet, there is no clear estimate of how many dealerships were affected, but considering CDK’s customer base, it is reasonable to assume this is broad.


What Did the Hackers Do or Steal?


When approached for reaction, Lisa Finney, CDK Global’s senior manager of external communications, said, “Late in the evening of June 19, we received an additional cyber intrusion and proactively took down the majority of our systems. We are investigating the impact in collaboration with third-party specialists and will provide our customers with frequent updates. We remain attentive in our attempts to restore our services and return our dealers to business as usual as soon as feasible.”


When asked for further information, Finney informed MotorTrend that CDK Global is “not addressing specific questions at this time.” Finney did indicate that its main Dealer Management System (DMS) and Digital Retailing capabilities have been restored, and that CDK’s top focus is client security, “and our actions reflect our obligation to them as a trusted partner.” We also contacted significant dealer networks such as AutoNation, Penske Auto Group, and Findlay Auto Group to check if the hack had any impact on their businesses, but none answered in time for publication.


Ransomware and Hacker Group Revealed

According to Bloomberg, the cybersecurity breach is part of a larger ransomware campaign on CDK Global. Although CDK has not specified the precise amount it would pay, Bloomberg reports that it is in the “tens of millions of dollars.” According to CDK, malicious actors are “contacting our customers, posing as members or affiliates of CDK, trying to obtain system access.” According to Bloomberg, Sonic Automobile Inc., a countrywide dealer network located in Charlotte, has had its operations interrupted. Sonic dealerships have reopened using a workaround.


According to an SEC filing, Penske Auto Group’s car division was unaffected by the CDK difficulties, but its Premier Truck Group, which includes medium and heavy duty trucks, was. Penske Premier Truck Group, like Sonic Automotive Inc., is using a workaround and “immediately took precautionary containment steps” to safeguard itself and its clients after learning about the concerns with CDK Global.

Bleeping Computer reports in a separate story that the CDK ransomware assault was carried out by the hacking organization “BlackSuit”. The paper also mentions that CDK is working with the gang to obtain a decryptor and “not leak stolen data.” According to the Cybersecurity and Infrastructure Security Agency (CISA), BlackSuit is not the first instance of this sort of assault.

It was previously known as “Royal Ransomware” and was responsible for last year’s strike on the City of Dallas. Since September 2022, the Russian and Eastern European organization has been tied to $275 million in ransom demands.


You might find this article interesting too!: The Advantages of Using a Contact Center Solution


New car dealers are not the only ones affected.

Now that sources indicate that the ransomware assault may stretch CDK’s downtime until June 30, it is evident that more than just new vehicle dealerships will be impacted. Independent shops and collision service centers have contacted us, stating that owing to CDK Global’s closure of local dealership systems, they are unable to obtain OEM repair parts for automobiles in their shops. Other software-as-a-service providers are allegedly preventing automated ordering from any dealership that is known to utilize CDK. We’ve contacted out to Genuine Parts firm, NAPA’s parent firm, which also sells NAPA Repair Link to independent shops; Snap-On, which supplies DealerFX and other repair and service software products; and CCC, a collision repair software firm, for feedback on how CDK has affected them, and we will provide an update based on their replies.


Workarounds Increase Headaches and Pose Security Risks

Then there are the workarounds that dealers are using. Rather than simply sitting there, dealers are resorting to pen-and-paper solutions, according to Automotive News. Unfortunately, those solutions are unstable and expose dealers to traditional identity theft approaches, which will have an impact on commission payments to dealership sales staff. According to CNN, many consumers are visiting their local DMV only to be instructed to schedule an appointment, which would cause their new car registration to be delayed by three to four days.

Then there’s the impact the closure of 15,000 dealerships will have on the US economy. According to CNN, car dealerships accounted for 17%, or $122 billion, of total retail sales in May. With 10 days without dealership access, sales might drop by $4 billion to $16 billion, reducing overall retail sales in the United States by 2.3 percent. It would also reduce the annual GDP growth rate by a full percentage point in the second quarter of 2024.

What Can You Do as an Individual Customer?


Unfortunately, we don’t know what specific data was exposed by this assault since CDK pressed the equivalent of a “Stop” button, shutting down “most” of its systems. For the time being, if you’ve been a recent customer of a dealership, whether for service, purchasing, or test driving a vehicle, it’s probably wise to keep an eye on your digital financial records. We will update this story as soon as any of the groups we contacted respond with further information. Meanwhile, numerous dealerships have apparently ceased operations while the issues are resolved, so if you intend on purchasing or repairing a car soon, phone your local dealer first to check whether it is open.


We ask our beloved clients and all tech savvies to take action on this and stay vigilant!


Get Our Free Book

Cybersecurity essentials for business owners

Subscribe to our SOS|Support newsletter!






Verified by MonsterInsights