Ransom Demand Following CDK Global Hack Disrupts North American Car Dealerships
North American car dealerships are facing significant disruptions following a ransomware attack on CDK Global, a prominent software provider for the industry. The hacking group responsible for the breach has demanded a ransom in the tens of millions of dollars, according to an individual familiar with the situation. CDK is reportedly planning to meet the demand, although the situation remains fluid as discussions continue. The attackers are believed to be based in Eastern Europe.
Since CDK identified the cyberattack and shut down its systems on June 19, dealerships have been grappling with widespread chaos. CDK's dealership management system (DMS)—a suite of essential software tools—supports nearly every facet of daily operations for auto retailers. The outage has severely impacted sales, repair services, and vehicle deliveries, which are crucial components of an industry that grossed over $1.2 trillion in the US last year. The timing of the attack is particularly problematic as it coincides with an end-of-quarter sales push.
Industry Struggles Amid Chaos
"It’s just mass chaos at this point," stated Diana Lee, the CEO of Constellation, a marketing agency collaborating with numerous auto dealerships. She emphasized the critical role of the DMS, explaining that dealerships depend on it for sales, services, parts management, and even vehicle stocking. CDK managed to briefly restore some services on June 19, but a subsequent cyberattack forced another shutdown. The company has warned that systems may remain offline for several days.
Rising Ransom Demands in Cyberattacks
This incident is part of a broader trend of escalating ransom demands in recent cyberattacks. In an earlier attack, hackers sought $50 million from a lab services provider, leading to outages in London hospitals. Earlier this year, UnitedHealth Group Inc., the largest medical insurer in the US, paid $22 million in extortion fees after another ransomware attack.
CDK has not disclosed the identity of the hackers but has cautioned customers about potential phishing attempts by malicious actors posing as CDK representatives. In response to this breach, the company advised clients to verify and trust communications only from known CDK employees.
Limited Alternatives and Widespread Reliance
The car dealership industry’s reliance on a few key DMS providers, due to decades of consolidation, has amplified the impact of CDK's service disruption. Thousands of dealerships depend on CDK for managing finances, inventory, and sales operations. One significant player, Sonic Automotive Inc., reported that the cyberattack would likely have a negative impact on its operations. While Sonic has reopened its dealerships using workaround solutions, it remains uncertain whether the financial repercussions will be substantial.
Market Fallout
The ripple effects extended to the stock market, where CDK’s parent company, Brookfield Business Partners LP, experienced its worst trading day since October, with a 5.7% decline. Shares of major dealer groups like AutoNation Inc., Group 1 Automotive Inc., and Sonic Automotive Inc. also saw a downturn.