Thousands of car dealerships across the United States could not operate due to a cyber incident at CDK Global, a primary software provider for the automotive industry. The outage caused significant disruptions, halting operations and forcing dealerships to use manual processes.
CDK Global responded by shutting down all systems, conducting extensive testing, and consulting with external cybersecurity experts to address the issue.
According to Tony Macrito, a spokesman for CDK, the company’s core product—a dealer management system—and its digital retailing solutions have been restored. CDK is testing other applications and will provide updates as they return online.
The systems first went down around 2:00 AM Eastern Time, significantly impacting dealership operations.
Brad Holton, vice president of Proton, a cybersecurity firm serving the auto industry, stated that CDK provided minimal information about the cause of the outage, leaving many dealerships in the dark. Some dealerships were completely shut down, while others had to switch to paper record-keeping for essential services such as oil changes.
In Manhattan, a BMW dealership informed customers that it had to stop all new business, including scheduling appointments and car servicing. A customer care representative admitted uncertainty about when operations would return to normal.
Similarly, at Barbera’s Autoland in Philadelphia, receptionist Claire Glassmire reported that employees could not access customer records, set appointments, or print repair orders, forcing them to use makeshift solutions throughout the day.
According to Holton, by Wednesday afternoon, some CDK functions began to come back online, but many services were still down or not fully operational.
Despite these widespread issues, a spokesperson for Toyota Motor Corp. mentioned that the problem had been resolved with minimal impact on their dealer network. Subaru Corp. also reported no significant effect.
Mike Stanton, president and chief executive of the National Automobile Dealers Association, emphasized dealerships’ commitment to protecting customer information. He noted that dealers are seeking more details from CDK to understand the nature and scope of the cyber incident, enabling them to respond appropriately.
CDK Global provides a range of services to dealerships, including online appointment scheduling industry stakeholders, who are increasingly aware of the critical importance of robust cybersecurity measures, will closely watch CDK Global’s recovery and future prevention strategies, electronic signature capabilities, and messaging tools between divisions. This cyber incident highlights the heavy reliance of dealerships on these digital services for their daily operations.
The cyber incident follows CDK’s acquisition by Brookfield Business Partners in April 2022 in an all-cash deal valued at $6.4 billion. As the company navigates the fallout from the incident, it faces the challenge of restoring full functionality to its systems and addressing the concerns of its dealership clients.
This incident underscores the vulnerabilities inherent in modern businesses’ digital infrastructure, particularly in industries like automotive sales and services that depend heavily on integrated software solutions.
Industry stakeholders, who are becoming increasingly aware of the critical importance of effective cybersecurity measures, will be closely watching the recovery and future prevention strategies adopted by CDK Global.