Car dealerships across U.S. halt services after cyberattack
Thousands of car dealerships were ground to a halt during a normally busy holiday Wednesday by a cyber incident at CDK Global, a major software provider for dealers across the U.S.
The company “shut all systems down and executed extensive testing and consulted with external third-party experts,” Tony Macrito, a CDK spokesman, said in an email. The company’s core product — a dealer management system — and its digital retailing solutions have been restored, and CDK is testing all other applications and will provide updates as it brings them back online, Macrito said.
CDK’s systems, which many car dealerships rely on to conduct almost all of their normal business, first went down around 2 a.m. Eastern time, said Brad Holton, vice president of Proton, a cybersecurity firm that serves dealers and the auto industry.
He said CDK provided little information on what caused the outage that effectively shuttered many dealerships. Some were unable to function at all and others were forced to resort to paper recordkeeping for routine services such as oil changes, Holton said.
A BMW store in Manhattan told customers that it was forced to halt all new business, including scheduling appointments or car servicing. When asked how long its operations may be disrupted, a customer care representative for the store responded, “I truly have no idea.”
Other dealerships also struggled to do business. “We can’t access customer records, can’t set certain appointments. We can’t even print a repair order,” said Claire Glassmire, a receptionist at Barbera’s Autoland in Philadelphia. Employees were using work-arounds all day, said Glassmire, adding that “all our hands are tied.”
Proton’s Holton said some CDK functions began to come back online Wednesday afternoon, but others remained down and the restored services weren’t fully operational.
A spokesperson for Toyota Motor Corp. said the issue had been resolved and there was almost no impact to the Japanese automaker’s dealer network. Subaru Corp. said no impact had been reported.
“Dealers are very committed to protecting their customer information,” said Mike Stanton, president and chief executive of the National Automobile Dealers Assn., adding that they are “seeking information from CDK to determine the nature and scope of the cyber incident so they can respond appropriately.”
CDK provides dealerships with services including online appointment scheduling, electronic signature capabilities and messaging tools between divisions, according to its website.
Investment company Brookfield Business Partners agreed to buy CDK in an all-cash deal with an equity value of $6.4 billion in April 2022.
More to Read
Inside the business of entertainment
The Wide Shot brings you news, analysis and insights on everything from streaming wars to production — and what it all means for the future.
You may occasionally receive promotional content from the Los Angeles Times.