A cyberattack on CDK Global, a crucial software provider for car dealerships across the United States, caused major disruptions on a typically busy Wednesday, underscoring the auto industry’s reliance on vulnerable digital systems.
CDK Systems Shut Down After Early Morning Incident
The cyber incident struck CDK Global’s core dealer management system and digital retailing solutions around 2 a.m. Eastern Time. In response, the company shut down all systems to conduct thorough security checks and consulted with cybersecurity experts. “We’ve restored core functionalities and are rigorously testing everything else before bringing them back online,” said CDK spokesperson Tony Macrito.
The outage had a widespread impact, significantly hampering many dealerships and forcing them to revert to manual record-keeping methods. Brad Holton, a representative from cybersecurity firm Proton, criticized CDK for providing limited information about the cause of the outage. “Dealerships were effectively shut down, with some unable to function at all,” Holton remarked.
 Disruptions Reported Across the Country
The impact of the outage was felt nationwide. A BMW dealership in Manhattan was forced to halt all new business activities, while Barbera’s Autoland in Philadelphia struggled with limited access to customer records and faced issues in scheduling appointments or printing repair orders. Staff at various dealerships resorted to workarounds to manage basic services such as oil changes.
By Wednesday afternoon, some CDK functions began to come back online, although full functionality had not yet been restored. This slow recovery process highlights the complexity and severity of the cyberattack.
Limited Impact for Some Automakers
While many dealerships faced severe disruptions, some automakers like Toyota and Subaru reported minimal impact within their networks.
The attack has raised significant concerns about the security of customer data and the preparedness of dealerships for cyber threats. Mike Stanton, CEO of the National Automobile Dealers Association, stressed the importance of data protection for dealerships and called for more information from CDK to understand the incident and develop an appropriate response.
CDK Global is a fundamental part of the automotive industry, providing essential services to dealerships, including online appointment scheduling, electronic signatures, and internal communication tools. The cyberattack on such a key provider underscores the critical need for robust cybersecurity measures to ensure business continuity.
 Recent Acquisition and Cybersecurity Concerns
In April 2022, Brookfield Business Partners acquired CDK Global for $6.4 billion, highlighting the company’s strategic importance. This acquisition further emphasizes the need for enhanced cybersecurity protocols to protect such critical infrastructure.
The cyberattack on CDK Global serves as a wake-up call for the automotive industry, exposing the vulnerabilities within dealership IT systems. As dealerships work to recover and prioritize the security of customer data, this incident underscores the urgent need for robust cybersecurity measures to safeguard against future disruptions. In an increasingly interconnected world, prioritizing cybersecurity is essential for maintaining the resilience and reliability of the automotive industry’s digital infrastructure.
The CDK Global cyberattack has laid bare the auto industry’s dependence on digital systems and the significant vulnerabilities within these systems. The widespread disruption caused by the outage highlights the need for improved cybersecurity measures across the industry. As dealerships navigate the aftermath of the attack and implement stronger security protocols, the incident serves as a stark reminder of the importance of protecting digital infrastructure in an era where cyber threats are ever-present. By prioritizing cybersecurity, the automotive industry can better ensure the resilience and continuity of its operations in the face of future cyber challenges.