CDK cyberattack update: Select dealerships seeing Dealer Management System restored

More than a week after CDK Global’s shutdown upended operations for thousands of car dealerships, the software provider said it is in the process of restoring various applications.  

Cyberattacks last week against the company prompted CDK to shut down most of its systems, leaving some car dealerships to resort to handwritten forms to continue operations. The company's cloud-based software helps more than 15,000 auto dealerships across North America manage vehicle acquisitions, sales, financing, insuring, repairs and maintenance.

CDK is continuing a “phased approach” to restoring customers’ software, according to a company statement. It has so far brought two small groups of dealers and one large publicly traded dealer group live on its Dealer Management System. It is also working to bring back additional applications and its customer care channels. 

CDK told customers earlier this week it does not expect to get “all dealers live” before June 30. 

Details about the cyberattack

Multiple outlets reported Recorded Future ransomware analyst Allan Liska identified BlackSuit as the hacking group behind the cyberattack on CDK. Recorded Future did not immediately respond to a Friday request for comment.

BlackSuit is a newer cybercriminal team that spun off an older, Russia-linked hacking group called RoyalLocker, according to Reuters. Security firm Recorded Future says the group has breached at least 95 organizations across the globe. 

Cybercriminals are a growing threat to target car dealerships, with 17% of 175 surveyed dealers experiencing a cyberattack or incident within the past year, up from 15% the year prior, according to a 2023 CDK report. Of those dealers, 46% said the cyberattack had a negative financial or operational impact.

CDK cyberattack:CDK Global shuts down car dealership software after cyberattack

Dealerships have been an attractive target because of the vast amounts of sensitive customer data they hold. From credit applications to customer financial information, dealerships hold a treasure trove of information to hackers, according to a 2023 article from insurance company Zurich North America.

"In addition, dealership systems are often interconnected to external interfaces and portals, such as external service providers," according to the report, and many dealerships "lack basic cyber security protections."

How are dealers being impacted? 

Thad Szott, whose family owns dealerships in Michigan, told the Detroit Free Press the shutdown had a dramatic effect on all five of his dealerships.

“Some of it is manual now. But it is much clunkier internally, more cumbersome internally, to process simple things like repair orders or work a car deal,” he told the Free Press, part of the USA TODAY Network, last week.

Craig Schreiber, one of the owners of the Northtown Automotive Companies in New York, told USA TODAY the company was able to go "old school" and use handwritten, manual forms in its departments after CDK's systems were shut down.

J.D. Power and GlobalData say new car sales likely took a hit from the cyberattack, and expect U.S. retail sales in June to be down about 5.4% from last year.