CDK Global hit by cyberattack, impacts over 15k car dealerships

CDK Global, a provider of software-as-a-service (SaaS) solutions for car dealerships, has experienced a significant cyberattack, leading to the shutdown of their IT systems, phones, and applications. On June 19, 2024, CDK Global's systems were taken offline at approximately 2 AM to prevent the spread of the cyberattack.

The disruption has impacted the operations of over 15,000 car dealerships across North America, which rely on CDK's platform for critical functions such as customer relationship management (CRM), financing, payroll, inventory management, and back office operations. Maby dealerships have resorted to manual processes or being sent home due to the inability to perform their duties.

While there has been speculation that the incident may be a ransomware attack, this has not been officially confirmed by CDK Global. The specific types of data exposed and the number of impacted individuals have not been disclosed.

CDK Global has advised its clients to disconnect always-on VPN connections to the company's data centers as a precautionary measure.

Update - CDK suffered a second breach on June 19, 2024, while recovering from an earlier cyberattack, forcing another shutdown of their systems. This additional breach has caused widespread outages, severely disrupting car dealership operations, including sales and services, and affecting customers attempting to purchase or service vehicles; there are concerns that CDK is moving too quickly in restoring services, potentially increasing risks.

Multiple sites report thay the BlackSuit ransomware gang is responsible for the massive IT outage at CDK Global, disrupting car dealerships across North America. Apparently, CDK is negotiating with the hackers for ransom payment.

As of 26th of August 2024, CDK reported that there was no compromise of personally identifiable information, meaning dealerships do not need to notify employees or customers of any data breach.