CDK Global, a major software provider to auto dealerships in the U.S., has been hacked, forcing the company to shut down most of its systems temporarily. This cyberattack effectively halted sales operations at approximately 15,000 car dealerships, including those under General Motors, Group 1 Automotive, and Holman.
“We are actively investigating a cyber incident,” a CDK spokesperson told CBS News. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.”
The hack began on Tuesday evening, as reported by Bleeping Computer, a cybersecurity news site. The disruption has taken the 15,000 car dealerships it serves offline. Although it remains unclear who is behind the cyberattack, CDK has been working with third-party experts to restore its systems.
By Wednesday afternoon, CDK announced that some systems were back online. “With the work done so far, our core dealer management system (DMS) and Digital Retailing solutions have been restored. We continue to conduct extensive tests on all other applications and will provide updates as we bring those applications back online,” CDK said in a statement to CBS MoneyWatch.
Moreover, CDK Global’s DMS is a critical hub that allows businesses to monitor operations from a single interface. Its retail tools facilitate transactions both online and in showrooms. The company’s software also helps manage payroll, inventory, and office operations. CDK touts its cybersecurity capabilities on its website, highlighting a three-tiered strategy to prevent, protect, and respond to cyberattacks.
Some dealership employees turned to alternative methods to continue operations during the outage. Employees shared on Reddit that they were using spreadsheets and sticky notes to sell small parts and perform repairs, although large transactions were impossible. One employee from Wisconsin asked, “How many of you are standing around because your whole shop runs on CDK?” with confirmations from others in Colorado and beyond.
The incident underscores the vulnerability of critical systems and the widespread impact a cyberattack can have on business operations. CDK Global continues to work on restoring all functionalities while investigating the source of the attack.