DK Cyberattack Outage

Vehicles sit in a row outside a dealership on June 2, in Lone Tree, Colo. David Zalubowski/Associated Press

Thousands of car dealers are struggling to do business this week because of two cyberattacks on an industry software provider.

The cyberattacks on CDK Global, which provides software to nearly 15,000 car dealerships in the United States and Canada, led to a shutdown of sales, financing and payroll systems for many dealers. That has forced some car sellers to do business the old fashioned way.

“Everything is messed up – we have to do everything manually,” said Kevin Red, a car salesman at AutoNation Honda Dulles in Sterling, Va. “There’s discomfort for everybody. For us, for management, for customers.”

Here’s what to know about the cyberattacks’ impact.

What happened with CDK’s systems?

Advertisement

CDK experienced its first attack Tuesday evening, cybersecurity trade publications reported. The company shut down dealerships’ systems Wednesday as a precaution while the incident was investigated, spokesperson Lisa Finney told the Associated Press.

CDK did not respond to multiple requests for comment from The Washington Post on Friday.

The company restored some systems by Wednesday afternoon, but another “cyber incident” occurred that evening and was still affecting many dealers Friday, Finney told AP.

The second cybersecurity incident suggests CDK may have brought its systems back online before it fully understood the problem, experts said.

“They may have realized at that point that it was going to be a game of whack-a-mole, and that they’re not going to be able to win until they identify all the compromises,” said Rob Lee, the chief curriculum director for the SANS Institute, a cybersecurity training organization.

How long will the effects last?

Advertisement

Cybersecurity professionals say it could take weeks for CDK to fully restore all systems.

“One cyberattack has disproportionate impacts,” said Jake Williams, a member of the faculty at the Institute for Applied Network Security, a cybersecurity consulting firm. “Most organizations just don’t have disaster recovery plans and business continuity plans that are high-quality and tested enough to deal with a large-scale attack.”

This cyberattack has a “ripple effect” across the country because the company has so many individual clients, said Williams, who described CDK as the “800-pound gorilla” of car-dealer software. Several major auto companies use CDK systems in their dealerships, including Ford, General Motors and Stellantis.

Can you still buy a car?

It depends.

Customers may be able to buy a car on paper, but they may not be able to complete some parts of the process, such as registration with state motor-vehicle agencies and setting up financing with banks and credit providers. There’s no easy way for dealers to conduct those operations until CDK resolves its problems, Lee said.

Advertisement

“It really has moved from a ‘Hey, we’ll come back online within a week, sit tight,’ to a real nuisance,” Lee said.

AutoNation Honda Dulles is letting some people drive off the lot with cars they intend to purchase on a “case by case” basis, Red said. Customers must return to complete paperwork and finalize the sale once the dealership’s CDK system functions properly again, he added.

How will this get fixed?

“The first thing is just figuring out the exposure to the hack, really, so taking a moment to basically check through your systems, certainly find the point of compromise,” said Katie Brooks, the global cybersecurity policy director for Aspen Digital.

It’s difficult, Brooks said, for large companies such as CDK to get reports about cyberattacks 100 percent correct initially because they may not know the extent of an attack’s network penetration.

Meanwhile, dealerships should develop a “pen and paper plan” to make sure they can still sell cars, she said.

“You need a way to do business that is unplugged, and that is the old school way of operating, and your staff needs to be aware of it,” Brooks said. “This attack, in particular, demonstrates the need for those resilience measures.”

Related Headlines

Join the Conversation

Please sign into your Press Herald account to participate in conversations below. If you do not have an account, you can register or subscribe. Questions? Please see our FAQs.