A huge cyber incident at a data provider for the automotive industry disrupted operations at thousands of US and Canadian auto dealerships on Wednesday— a busy holiday.
CDK Global, whose software supports around 15,000 dealerships, confirmed the cyber attack it faced and said it was working to fix it, according to CNN.
"We are actively investigating a cyber incident," CDK spokesperson Lisa Finney said in a statement.
"Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible."
CDK Global provides a range of services to car dealerships, including online appointment scheduling, electronic signatures, and inter-department messaging tools. In April 2022, Brookfield Business Partners agreed to acquire CDK in an all-cash deal valued at $6.4 billion.
While not all dealerships rely entirely on CDK's products, those that do have faced significant operational challenges.
The disruption began around 2 a.m. Eastern time. Brad Holton, vice president of Proton, a cybersecurity firm serving the auto industry, said that CDK has provided little information regarding the cause of the outage.
As a result, some dealerships were unable to function entirely, while others had to revert to paper record-keeping for routine services.
Holton added that some CDK functions began to return Wednesday afternoon, though not all were fully operational.
Later in the afternoon, CDK also released an update saying that some systems had been restored.
In Manhattan, a BMW store informed customers that all new business, including scheduling appointments and servicing cars, was halted.
CDK spokesman Tony Macrito said the company "executed extensive testing and consulted with external third-party experts."
The core dealer management system and digital retailing solutions have been restored, and CDK is currently testing other applications, with updates forthcoming as they are brought back online, Macrito added.
Mike Stanton, president and CEO of the National Automobile Dealers Association, said the industry is committed to protecting customer information.
He added that the dealerships are "seeking information from CDK to determine the nature and scope of the cyber incident so they can respond appropriately."