fb-pixel New Cyberattack shuts down car dealerships, CDK Global Under Siege -
Shop All

New Cyberattack shuts down car dealerships, CDK Global Under Siege


As car enthusiasts, we understand the intricacies of the automotive industry, it’s hard to ignore the recent cyberattack that has left CDK Global, a leading software-as-a-service (SaaS) platform for car dealerships, in turmoil. This attack has not only disrupted CDK’s operations but has also had a ripple effect on the dealerships relying on its services across the U.S. and Canada. The situation unfolded dramatically, highlighting the vulnerabilities in modern automotive dealership management systems (DMS) and the importance of cybersecurity.

The Initial Cyberattack

The chaos began late on June 19th when CDK Global detected an unauthorized breach in their system. This initial attack prompted the company to shut down its data centers, IT systems, and login portals as a precautionary measure. The decision to shut down was necessary to prevent the spread of the attack and to protect sensitive data from further compromise.

CDK Global’s senior manager of external communications, Lisa Finney, stated that the company chose to err on the side of caution. They proactively shut down all systems and engaged in extensive testing while consulting with external cybersecurity experts. By Wednesday afternoon, CDK managed to restore its core dealership management system and digital retailing solutions. However, this was just the beginning of their troubles.

The Second Breach

As CDK Global began the process of bringing their systems back online, they faced another cyber incident late on June 19th. This second breach forced the company to shut down most of its systems once again. The timing couldn’t have been worse, as dealerships were just starting to recover from the initial disruption. This recurring issue highlights the relentless nature of cyber threats and the persistent risk they pose to businesses.

Brad Holton, CEO of Proton Dealership IT, noted that the attack caused CDK to take its two data centers offline around 2 AM. This move was crucial to contain the breach, but it also meant that dealerships were left without access to vital systems for a prolonged period. Holton emphasized the significant impact on dealerships, which had to revert to manual processes like using spreadsheets and sticky notes to manage sales and repairs.

CDK Global Cyber Attack: Major Disruption in the Automotive Industry

The Impact on Dealerships

The cyberattack had far-reaching consequences for dealerships across the U.S. and Canada. Many dealerships struggled to maintain normal operations without access to their usual digital tools. This included managing inventory, processing sales transactions, and providing customer service. The outage disrupted some of the largest automotive dealers in the world, including the Penske Automotive Group. Their Premier Truck Group business, which relies on CDK’s systems, had to implement business continuity plans and operate through manual processes.

A study conducted by CDK Global last year revealed that 17% of dealers had experienced a cyberattack or incident within the previous year. This statistic underscores the growing threat that cybercriminals pose to the automotive retail industry. The study also highlighted the significant downtime and financial losses associated with such attacks, with an average downtime of 3.4 weeks for dealers and nearly a quarter of impacted dealers unable to retrieve stolen data.

The Cybersecurity Landscape in Automotive Retail

David LaGreca, CDK Global’s senior vice president and general manager of IT Solutions, stated in a 2023 press release that cybercriminals are increasingly targeting auto retailers with sophisticated methods. These attacks often appear to come from secure and trusted sources, making them difficult to detect and prevent. LaGreca emphasized the importance of employee awareness training as a critical component of a dealership’s cybersecurity plan.

Research from Coveware, cited in CDK’s press release, indicated a drastic increase in data theft and extortion over the past four years. The average financial payout to cybercriminals skyrocketed from $44,000 in 2019 to $740,144 in 2023. This dramatic rise in cybercrime costs highlights the urgent need for robust cybersecurity measures in the automotive retail industry.

Top Cybersecurity Threats

CDK’s research identified several top threats facing dealerships:

  • Email Phishing Scams: Cybercriminals use deceptive emails to trick employees into divulging sensitive information or clicking on malicious links.
  • Lack of Employee Awareness: Human error remains a significant vulnerability, underscoring the need for ongoing training and education.
  • Ransomware: This type of malware encrypts a victim’s data, with the attacker demanding a ransom for its release.
  • PC Virus/Malware: Malicious software can infiltrate systems, causing damage and data breaches.
  • Theft of Business Data: Cybercriminals target valuable business information for financial gain.
  • Stolen/Weak Passwords: Poor password practices can lead to unauthorized access and data breaches.
  • Vehicle Cyberattacks: As cars become more connected, they too become targets for cybercriminals.

The Path Forward

In response to the ongoing cyber threats, CDK Global and other companies in the automotive retail sector must prioritize cybersecurity. This includes investing in advanced security technologies, conducting regular system audits, and implementing comprehensive employee training programs. It’s also crucial for dealerships to have contingency plans in place to maintain operations during a cyber incident.

CDK’s actions following the attack demonstrate their commitment to security. By shutting down systems and consulting with external experts, they aimed to mitigate the impact of the breach. However, the repeated incidents highlight the need for continuous improvement and vigilance in cybersecurity practices.

The Role of Trusted Partners

Having a trusted partner to manage IT infrastructure can make a significant difference when a cyberattack occurs. LaGreca emphasized that it’s no longer a matter of “if” but “when” a cyber breach will happen. Dealerships must have preventative measures in place and work with reliable IT partners to minimize the impact of such attacks.


The cyberattack on CDK Global serves as a stark reminder of the vulnerabilities in modern dealership management systems. It highlights the critical importance of robust cybersecurity measures and the need for continuous vigilance. As the automotive industry becomes more digitized, the risk of cyber threats will only increase. Dealerships and their IT partners must work together to safeguard their systems and ensure business continuity in the face of cyberattacks.

The ongoing situation with CDK Global underscores the urgent need for the automotive industry to prioritize cybersecurity. By learning from these incidents and implementing comprehensive security strategies, dealerships can better protect themselves and their customers from the ever-evolving threats posed by cybercriminals.