Updated on 6/24
If you were thinking about buying a new car or taking your car to be serviced at the dealership this weekend, expect the long, painful process that you expect to experience to be much longer and more unbearable.
An extensive cyberattack is affecting a major supplier of the software auto dealerships in the U.S. and Canada use every day.
Related: The most 'American' truck isn’t made by Detroit’s Big Three
According to the Wall Street Journal and Automotive News, a major cyberattack is affecting the day-to-day operations of more than 15,000 auto dealerships. Software establishing the backbone of their operations has been out for multiple days.
On Sunday, days after the initial attack, CDK said that it is in the process of restoring its software back to operational status, a process that it expects to take several days to complete.
"We anticipate that the process will take several days to complete, and in the interim we are continuing to actively engage with our customers and provide them with alternative ways to conduct business,” a CDK spokesperson told CNN.
Bloomberg reported that the company was negotiating with an Eastern European hacker group that is demanding tens of millions of dollars in order to end the attack.
CDK Global, a multinational software company that has been owned by Brookfield Business Partners since 2022 is the provider of a type of specialized software known as Dealer Management Systems, or DMS; systems that dealerships rely on to document sales in the showroom, track service records and look up parts for cars in the service department.
On June 19, the company reported that it had been hit by a cyberattack, though it was able to restore most of its core functionality later that day only to encounter yet another cyberattack.
The next day, June 20, it alerted dealers using its DMS software that it is shutting down most of its functions as a cautionary measure, which has been extended through June 21 with no resolution in sight.
"We continue to act out of caution, and to protect our customers in response to the cyber incidents that occurred on June 19. In addition to our customer systems, many integration points have been disabled," CDK Global told its customers.
"At this time, we do not have an estimated time frame for resolution and therefore our dealers' systems will not be available likely for several days. We will continue to provide updates as they become available."
Though auto dealers have workarounds to use in case of emergencies like power outages or storms, the loss of the software that makes their job very streamlined and efficient has turned into tedious work that has become very difficult.
On separate threads on the Reddit auto technician community r/Justrolledintotheshop, technicians at dealers and service bays affected by the outage expressed that their jobs have become more difficult, as documenting simple repair and maintenance jobs has to be done manually.
One Reddit user by the name of u/phxbimmer, said in one thread that without the CDK software, the computerized work at the parts counter of a Arizona BMW dealership has been reduced to "hand-writing invoices and looking up parts prices/stock manually," noting that they are "dreading all the manual data entry we'll be doing whenever CDK comes back online."
In another thread, Reddit user and Subaru Senior Master Technician u/Chippy569 said that without CDK, there is "no idea how we're going to get paid," adding that the process of requesting and acquiring parts for repairing or maintaining cars "is an absolute clusterf--k."
"They have no inventory access and no way to bill anything, no price matrix, etc," they told other Reddit users. "Right now it's like hand written or excel tables of what VIN got what part #s and just guessing on prices based on list. Doing an estimate for anything more than 2 parts right now is a full on ordeal."
More Automotive:
- Maserati exec defends the use of a car feature drivers hate
- Feds are skeptical about the safety of popular driver-assist tech
- Young guys who like loud cars are likely to be psychopaths, study suggests
Related: President Biden's grand EV plans have a new critic
Enterprising hackers are taking cheap shots
To make an already bad situation much worse, CDK customer dealers have reported attempted breach attempts by bad actors posing as CDK IT support staff.
As per Automotive News, scammers have been phoning dealership employees, asking for their credentials in the promise of restoring service.
"We are aware that bad actors are contacting our customers and partners, posing as members or affiliates of CDK, trying to obtain system access," CDK warned its customers. "CDK associates will not and have not been soliciting access or passwords to customers systems or environments. Any request should be immediately treated as suspicious."
Additionally, CDK asked its customers to be more vigilant and to not disclose any sensitive information to anyone they do not recognize.
"Please reiterate to your employees the importance of being alert to acts of phishing and take the necessary preventative precautions. Engage with known or validated CDK associates, and do not provide sensitive information such as passwords or provide system access under any circumstances," the company said.
Competitors chip in
Dealers running software from CDK's competitors may see a opportunity amongst the madness. As per the Wall Street Journal, JP Morgan Chase analysts said on June 21 that dealerships are resorting to using analog methods to write out car sales and terms, but noted that dealership service departments may lose money to other dealerships that don't use CDK, as they may be able to conduct repairs and services more quickly.
However CDK's competitors see that the outage is affecting the dealership industry as a whole. As per Automotive News, they are doing whatever they can to help out dealers affected by the outage to keep chugging along.
In a comment on a June 21 post on LinkedIn about the outage, the president of CDK competitor Reynolds and Reynolds, Chris Walsh said that the cyberattacks on CDK are an attack on the dealership industry, noting "the impact of this goes far beyond CDK — it is hurting a lot of dealers and consumers as we enter the peak of summer," adding, "We all need to find ways to help" and "We feel for every dealer impacted and are doing everything we can to help them."
According to Walsh, Reynolds and Reynolds is looking to help supply dealers with paper repair orders, forms for purchases and retail installment contracts in the meantime, and providing dealers with access to their Desking software to work out deals on showroom floors for free.
Jay Vijayan, the CEO of CDK competitor Tekion, said on LinkedIn that he "couldn't get any sleep" in light of the outage, adding that he and his team are "discussing different options to help."
"If things don't get resolved in the next 24 hours we will come out with a plan to help dealers so that [dealers] can run their business."
Related: Veteran fund manager picks favorite stocks for 2024