CDK Global outages: A timeline of events

Updated 7:45 a.m. July 2, 2024

CDK Global, a major provider of DMS, was hit by a double cyberattack late June 19, forcing the firm to shut down its systems as it looked for a solution.

Why this matters: CDK’s software suite is used in more than half of all U.S. dealerships, making it an integral component of the retail automotive sector’s day-to-day operations. Without a functioning DMS, dealers must rely on paper alternatives to conduct business across multiple departments, heavily handicapping their ability to serve customers at normal volumes. A long-term disruption could even have an impact on the U.S. GDP, of which automotive sales comprise 3% to 3.5%.

What’s happened so far:

Early morning on June 19, CDK sent an email to its dealership clients alerting them that a “cyber incident” had occurred. The company said it would shut down all its systems to keep customer information safe but declined to confirm when service would resume.

Later in the day, the software firm restored access to some of its services, although others remained closed off as it continued its investigation.

That night, another email was sent to clients explaining that an additional cyber incident had occurred, warranting another service-wide shutdown.

On June 20, CDK said its DMS software will remain offline “likely for several days” as it continues to investigate the issue. More than 50% of dealers relied on CDK’s systems before the outage, leaving many to scramble for alternative solutions in the meantime.

Later on that day, CDG News received multiple reports of dealers receiving phishing attempts over the past several hours. The attackers are allegedly disguising themselves as CDK representatives.

On June 21, CDK’s competitors Tekion and Reynold and Reynolds showed solidarity with the affected dealer body.

That evening, Bloomberg broke the news that CDK Global is reportedly preparing to pay tens of millions of dollars to a criminal group based in eastern Europe responsible for the attack. 

On June 22, CDG News obtained an email sent to customers from CDK Global directing CDK users to its Dealer Resource Center.

On Sunday, June 23, CDK restoration efforts began. In an emailed statement, CDK said the process could take “several days” but some experts disagree.

On Tuesday, June 25, CDK emailed its customers alerting them that outages will last until June 30 at a minimum. CDK does not believe they “will be able to get all dealers live prior” to that date.

In the afternoon, CDG News received reports that a major Midwest dealer group succumbed to more phishing attacks.

Later on, CDG News became aware of an exclusive statement from CDK Global CEO Brian MacDonald to Automotive News.

The statement reads, in part:

“Our executive leadership team is engaged with dealer group customers during daily small group discussions, emails and phone calls; and our sales and customer success teams are conducting one-to-one outreach with dealers in their territories to provide alternative ways to support their sales and service efforts in the interim.”

On June 26, CDK announced that the company successfully restored system access to a small initial test group of dealers. Once validation is complete, they will begin phasing in other dealerships. CDG news confirmed that Beck Toyota in Indianapolis, Indiana, had regained access to their CDK DMS.

The next day, June 27, CDK sent another critical update to its dealer base saying that had restored services to more dealer groups, including Group 1 (confirmed by Automotive News).

On Monday, July 1, CDK announced that dealers would regain full DMS access by July 4.

Warning to all dealership personnel and leadership: If you receive this image — do not click on it.

Become an automotive insider in just 5 minutes.

Get the weekly email that delivers transparent insights into the car market.

Join 66,000 others now, it's free:

The implications: Although the scope and type of breach have yet to be revealed, the fact that critical information may have been compromised not once but twice implies that this will have consequences extending beyond a few days of lost revenue.

The bigger picture: CDK’s issues also underline a surge in attacks targeting automotive firms. While data breaches have risen across the board, especially at businesses that were formerly neglected by bad actors, the car industry has seen an abnormally high number of attacks over the last year. One such incident occurred just last week, targeting Findlay Automotive Group. It is not clear if the two attacks are related.

Bottom line: The breach of such a prominent vendor should serve as a wake-up call for the broader car industry, emphasizing the need for better protection from digital threats at the top. At the same time, practicing “digital hygiene” at the store level is also critical, as dealers themselves can also fall victim to cyberattacks.

What our readers are saying:

Reply

or to participate.