What to know about the massive car dealership outage | CNN Business (2024)

What to know about the massive car dealership outage | CNN Business (1)

A customer looks at vehicles for sale at an AutoNation Toyota dealership in Hayward, California, US, on Monday, June 24, 2024. The hack that's disrupted business at thousands of car dealerships in North America is now in the process of getting resolved, the targeted software provider CDK Global said.

New York CNN

CDK Global is still down heading into the brisk car-selling Fourth of July holiday next week. Auto dealerships use its software to manage everything from scheduling to records, and the mass outage since last week has paralyzed nearly 15,000 dealerships across North America.

CDK said last Saturday that it has begun restoring its software, but both car buyers and dealers are currently at a standstill. It has suggested several times that a fix is in order, only to say then that its systems would remain out of commission for a while longer.

Here’s what you need to know about the massive software outage.

What does CDK Global do?

CDK Global provides data and technology to different automotive dealerships. Its systems are used by roughly 15,000 car dealerships across the United States and Canada.

CDK operates different software products car dealers use to handle workflow such as keeping records of negotiated deals, to scheduling and communicating about service. Not every dealer uses CDK’s products, and those that do may not use CDK for every dealership task, but the system shutdown has been a problem for many.

To protect customer privacy, customers’ details aren’t written out on a piece of paper that’s just sitting on a desk anymore. Instead, information about deals and customer appointments iskept in a server that’s now impossible for salespeople affected by the outage to access.

Can I still buy a car or get my car repaired?

Salespeople and service employees who spoke with CNN say they’ve resorted to using pen and paper to process purchases, which has drawn out the amount of time it takes to buy a car, according to Scott Campbell, a salesman at Capital City Buick GMC in Berlin, Vermont. He estimates wait times have doubled or tripled.

Several buyers and repair customers tell CNN they’ve experienced long delays.

Don Ayco*ck told CNN he drove 90 miles round-trip from his home to a car dealership in Clay County, Florida, to buy a new Buick on Thursday, a day after the CDK shutdown. He told CNN he was able to buy the car but was unable to sign the title.

“We got a call from them today that we can come next Thursday to sign the paperwork for the title and get a permanent license plate,” he said, noting that it will be another lengthy round-trip drive.

In San Diego — where temperatures in recent days have been pushing 90 degrees — Robbie Jacob and his wife tried to make an appointment at a Kia service center to fix their car’s broken air conditioning unit. Jacob said the center told them it was unable to service the car, citing the CDK cyber incident, as there were no appointments available and all walk-ins were suspended until next week.

Can I still register my car?

Midway Automotive uses a CDK product to register cars with the Massachusetts Registry of Motor Vehicles.

Owner Michael Deveney says that after the shutdown on Wednesday, the dealership started sending customers to their local RMV office in order to register their cars in person after purchase.

“That was up until Thursday. Then customers started being told that (the RMV) wasn’t taking any walk-ins,” he said. “They were probably getting flooded with customers and started turning people away.”

Some 30 miles north in Lynn, Massachusetts, Katelyn Salvato says she hasn’t been able to register a vehicle since last Tuesday. Salvato works as a title clerk for Pride Motor Group, registering cars for three dealerships.

“Today… I sent 21 registrations to be done manually at the Massachusetts RMV,” she said.

Callahan echoed those concerns. Under normal circ*mstances, the CDK software allows the dealership to register a vehicle almost instantaneously, but now the process faces heavy delays.

“Our remote registration system is rendered useless without CDK to talk to it. We’ve had to send a runner with the registrations to the DMV to be competed in packs, costing several days where prior it took hours,” Callahan said in an interview with CNN.

When will CDK be back online?

CDK Global doesn’t believe its systems will return online before June 30.

In an automated voice message to clients, CDK said it is making “significant progress” in restoring its core application.

“We do feel it’s important to share that we do not believe that we will be able to get all dealers live prior to June 30,” the message said.

The company also urged dealerships to make alternate plans for their month-end financial reports.

However, CDK gave dealerships encouraging news on Wednesday. It said it was able to bring a “small initial test group” of car dealerships back online. The company also said it’s also working to bring additional applications back online, such as its customer relationship management and service solutions, as well as its customer care channels.

Problems began last Wednesday when CDK spokesperson Lisa Finney told CNN that the company wasinvestigating a cyber incident.

“Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible,” Finney said in the statement.

Later that day, the company said most of its critical computer systems were back online. But the next morning, the company told dealerships another incident had happened.

Why did systems go down?

CDK has said it is working to investigate the shutdown after two cyber incidents brought its systems to a standstill. The company has not confirmed who was behind the incidents.

Bloombergpreviously reportedthe company was negotiating with an Eastern Europe-based hacker group demanding tens of millions of dollars in ransom to end the outage.

CDK has not responded to CNN’s request for comment about the reported ransom.

Why is this hack so impactful?

While companies used fewer interconnected workflow systems in the past, the move to cloud computing and reliance on third-party software systems — despite helping daily business operations — creates complex systems that are more susceptible to widespread hacks.

If the main part of the centralized system goes down, it means that everything goes down. Rather than having to hack each dealership individually, all hackers have to do is hack where all the data is stored for all of them.

“It also creates kind of a bullseye and it helps attackers focus their efforts on specific types of infrastructure or specific cloud platforms,” Eric Noonan, CEO of cybersecurity provider CyberSheath, said.

And hackers are targeting organizations that serve in the supply chain of industries. By attacking CDK’s software, for instance, hackers were able to bring the vehicle dealership industry to a standstill. That gives hackers leverage to ask for larger and larger sums of money, said John Dwyer, director of security research at Binary Defense, a cybersecurity solutions firm.

Though hackers have more leverage, the success of paying a ransom and a speedy recovery is elusive, experts said.

“There’s never been a story written on a company that successfully paid a ransom, and then quickly recovered their systems,” Noonan said.

What is the financial impact on dealerships?

At a Mazda dealership in Seekonk, Massachusetts, general sales manager Ryan Callahan said the outage has affected nearly every aspect of its business.

“The financial impact it will directly have on us will take months to correct, if not years,” Callahan said.

Tom McParland, the owner of Automatch Consulting, a national car buying service, said the outage was impacting customers because they now have fewer dealers to choose from.

“It reduces their ability to get a deal,” he said. “It limits the customer’s leverage.”

Some dealers also can’t apply factory rebates without CDK’s software, so customers may miss out on money-saving deals. For customers looking to buy a car, McParland suggested casting a wide net and shopping outside their local market to find the best price.

What to know about the massive car dealership outage | CNN Business (2024)


Did CDK pay the ransom? ›

The IT systems outage for car dealerships caused by a mid-June ransomware attack still lasted two weeks. CDK Global reportedly paid $25 million to cybercriminals after a mid-June ransomware attack disrupted business for thousands of car dealerships.

Why are dealer lots empty? ›

A car inventory shortage refers to a situation in which a car dealership or manufacturer does not have enough vehicles in stock to meet demand. Supply chain disruptions, changes in consumer demand, quality control issues, and production delays can cause car inventory shortages.

Who hacked CDK? ›

Multiple outlets later reported that the group behind the attack was identified as BlackSuit, a cybercriminal team that spun off of an older, Russian-linked hacking group called RoyalLocker, according to Reuters.

What is CDK for car dealerships? ›

CDK offers cloud-based software to more than 15,000 auto dealerships across North America that manages vehicle acquisitions, sales, financing, insuring, repairs and maintenance.

Who bought out CDK? ›

Last April it was announced that CDK Global, Inc., was being acquired by Brookfield Business Partners for $8.3 billion. Under merger agreement terms, CDK shareholders were said to receive $54.87 per share in cash upon completion of the transaction.

How many dealers does CDK have? ›

CDK Global Inc., the software provider to roughly 15,000 car dealerships across North America that was crippled by a hack nearly two weeks ago, said “substantially all” of the dealers it serves have seen their management systems come back online.

Why are auto sales declining? ›

After enjoying a strong rebound in sales in 2023, the auto industry appears headed for slower growth this year as consumers struggle with elevated interest rates and high prices for new cars and light trucks. Edmunds, a market researcher, expects the industry to sell 15.7 million vehicles this year.

Is there still a car shortage in 2024? ›

The automotive supply chain will likely never look like it did pre-pandemic, but inventory levels generally recovered in 2023 and are expected to continue doing so in 2024 and 2025. Car prices remain elevated in 2024 due to inflation but are showing initial signs of decreasing as inventory stabilizes.

Why are dealers not getting new cars? ›

The pandemic and the supply chain disruptions that followed it taught the auto industry a lesson. They're quickly unlearning it. "Record-low inventories," says industry publication Automotive News, allowed automakers and dealers "to achieve record profitability during an industrywide supply shortage."

Can you find who hacked you? ›

You can also look up your hacker's IP address in various IP Abuse databases (such as abuseipdb.com) to see if other people have reported problems with the same IP address. There is a slim chance that this may give you more information about your attacker.

Who to stop hackers? ›

Protecting Online Accounts
  • Delete suspicious emails. It is best to delete spam or dubious-looking emails without opening them. ...
  • Use secure devices. ...
  • Create strong passwords. ...
  • Use multifactor authentication on your accounts. ...
  • Sign up for account alerts.

Who is BlackSuit? ›

BlackSuit, a believed Russian and Eastern European hacking group, is behind a ransomware attack on CDK, which has disrupted auto dealerships across the nation since late last week, multiple media reports say.

How many dealerships use CDK? ›

CDK Global, a software provider to some 15,000 car dealers, was waylaid by debilitating cyberattacks this week that have had a crippling effect on the auto sales industry.

What is a Tier 3 auto dealer? ›

Tier 3 automotive ads are specifically targeted at promoting dealerships in the local marketing area. Tier 3 campaigns are dealer-level ads that promote the dealership's location and the manufacturer's brand of vehicles.

What does CRM mean in car dealership? ›

An automotive CRM (customer relationship management) is a software solution that helps car companies with customer service, sales, and marketing.

Do you pay the ransom for ransomware? ›

The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn't guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.

What is ransom paid to unlock? ›

What is Ransomware? Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert.

Do they decrypt the data after the ransom is paid? ›

If you pay the ransom, it might take several additional days to receive the decryption key and reverse the encryption. Be aware that some ransomware variants identify and destroy backups on the compromised network. If backups have been destroyed or encrypted, the recovery process can become more complicated.

How much was CDK Global Acquisition? ›

Paul, Weiss advised CDK Global, Inc., a leading automotive retail technology company, in its $8.3 billion all-cash acquisition by Brookfield Business Partners, Brookfield Asset Management's flagship private equity vehicle.

Top Articles
Latest Posts
Article information

Author: Wyatt Volkman LLD

Last Updated:

Views: 5517

Rating: 4.6 / 5 (66 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: Wyatt Volkman LLD

Birthday: 1992-02-16

Address: Suite 851 78549 Lubowitz Well, Wardside, TX 98080-8615

Phone: +67618977178100

Job: Manufacturing Director

Hobby: Running, Mountaineering, Inline skating, Writing, Baton twirling, Computer programming, Stone skipping

Introduction: My name is Wyatt Volkman LLD, I am a handsome, rich, comfortable, lively, zealous, graceful, gifted person who loves writing and wants to share my knowledge and understanding with you.