CDK Global said its dealership management systems won’t be back online before the end of June, as the company and the dealers it works with continue to struggle with the aftershocks of back-to-back cyberattacks.
CDK, which serves almost 15,000 car dealerships across North America, was first hit by an attack early morning on June 19. That forced it to shut down its systems, which are relied on by dealerships to conduct most of their routine business. Later that evening, a second “cyber incident” occurred.
CDK is facing two potential class-action lawsuits in federal court in Illinois, where it is based, from people who claim the company neglected to safeguard their information. The plaintiffs of each lawsuit are a former customer and employee of dealerships that used CDK’s systems, according to the lawsuits.
Both complaints claim the breach may have exposed customers’ and employees’ names, addresses, social security numbers, and other financial information. The lawsuits are seeking damages, for CDK to increase its efforts to protect personal information, and to purge all personal identifiable information related to the plaintiffs.
According to a memo sent to dealers Tuesday and viewed by Reuters, the software provider said it would not be able to restore its systems for all dealers before June 30. In a statement earlier this week, CDK said it is working with law enforcement and other third-parties to investigate the cyberattack and has begun restoring its services. Systems access is expected to be restored over a period of “several days,” not weeks.
“Personally, I have spoken to and continue to communicate with many dealers, OEMs and partners directly,” CEO Brian MacDonald told Automotive News Tuesday, in his first public comments since the attacks. “ I will continue to do so until we see this through.”
Bloomberg, citing a person familiar with the matter, reported Friday that the a group claiming to have been behind the hack has demanded tens of millions of dollars in ransom. The group has been identified as the BlackSuit ransomware gang, according to BleepingComputer and Recorded Future ransomware analyst Allan Liska.
BlackSuit became widely known last April and earlier this month published hundreds of stolen files from a Kansas police department that it claims refused to pay its ransom. The group has stolen data through attacks on at least 53 organizations, according to ReliaQuest researchers.
Car and heavy truck dealers across the U.S. have been forced to find alternative ways to conduct business, since they now lack access to CDK’s suite of services like e-signing and appointment scheduling tools. Some are unable to even access customer records.
Major dealers including Group 1, Sonic Automotive, Lithia Motors, and AutoNation have said they are determining the impact of the incident on their operations. Most locations remain open, having turned to old fashioned pens and paper or other workarounds.
Penske Automotive Group said its Premier Truck business uses CDK’s systems and has implemented plans to protect its systems and operate its 48 locations in the U.S. and Canada. CarMax CEO Bill Nash last week said the company does not use CDK’s systems, although there has been a small impact on its work with some dealerships that do.
