Cyber-attacks. Data breaches. It seems like every other week there’s another company or industry targeted by malicious hacks. Each of these has implications for the customers of these companies and for these markets. What makes the CDK outage different is its implications for both companies and consumers. So what happened? And how can it impact your business? In this blog we’ll walk through who CDK Global is, what caused the CDK Global outage and, ultimately, how this event could impact companies.
CDK Global is a U.S.-based software service provider. For the past 50 years, they’ve provided thousands of auto dealerships across the U.S. and Canada with software solutions. These solutions include online sales, customer and dealer management systems, finance and insurance software and more.
On June 19th, 2024, CDK Global’s systems suffered a breach. For the dealerships using this provider, this breach left them unable to operate. This system outage lasted two weeks. During that time, auto dealerships reverted to manual operations, significantly reducing their sales and service operations. According to the Anderson Economic Group, the direct loss from this outage was $944 million.
While CDK hasn’t shared further information on the attack’s specifics, there’s a record of a transfer of around $25 million in Bitcoin on June 21st. The choice to pay the ransom in this situation is controversial for a number of reasons. Perhaps one of the biggest is that the payment encourages other cyber-attacks in the future.
According to IBIS World, as of 2023 there are nearly 70,000 new vehicle auto dealers in the U.S. This attack impacted 15,000 auto dealers, affecting not only the vehicle sellers but those interested in buying. Let’s take a look at exactly how.
This is simple. For about two weeks buyers couldn’t buy without considerable delays. With the CDK software down, dealership employees couldn’t track inventory, pull credit checks, create contracts for sale or calculate auto loan interest rates. These tasks could be and were done by hand, but at a much slower pace than with the software operational.
For an individual buyer, this could mean a long, frustrating day at the local dealership. For a company replacing their fleet of vehicles, the task would be an impossibility.
Vehicle owners hoping to have their vehicles serviced faced similar frustrations. Because the CDK software served as appointment scheduler and kept track of vehicle parts for repairs, dealerships had little choice but to make do with spreadsheets. But, with demand so high, this could only do so much.
Individuals hoping to have their vehicle serviced suffered the frustrations of long waits, reschedules and more. Companies relying on dealership service for their fleet vehicles were in a tougher position.
An attack on the software dealerships use has an outsized impact on their business. As mentioned above, the delays in vehicle purchases and services provided meant considerable financial loss. But this hack sets a precedent with alarming implications.
The software being hacked meant dealerships couldn’t operate, but it’s also highly possible that sensitive customer information was exposed. Given the information shared with dealerships, from addresses and income to employment history and social security numbers, consumers should do what they can to protect themselves from identity theft. On an individual buyer level, that can be an exhausting but important step.
From a corporate perspective, the stakes are even higher. While a certain amount of risk is inherent in any business, what amount of avoidable financial exposure should a company be comfortable with? Businesses should consider the ramifications of a potential breach, and how many vulnerabilities outside their direct control they are willing to accept.
Cyber-attacks aren’t necessarily a new phenomenon, but the number of attacks and their scale have increased over the past several years. Security is a foundational element of any company’s smooth operation. But it is growing harder to guarantee. The CDK ransomware attack shows us that even unexpected areas like a company’s vehicle program can expose vulnerability.
Following this event, questions have arisen. What industry might be next? How can companies prepare for a future dealership data breach? One solution is a vehicle program that relies less on a pool of company-owned vehicles and more on the personal vehicles of driving employees.