Half of nation's auto dealers 'affected dramatically' by cyberattack
Update: CDK hackers demand millions to end cyberattack crippling auto dealers, Bloomberg reports
Car dealers nationwide are dealing with the fallout from a cyberattack this week that's said to have forced at least some of them to shift to paper sales records.
The attack, affecting Chicago-based CDK Global, was first reported Wednesday, but the situation, according to a metro Detroit dealer, had not been resolved as of Friday.
CDK spokesperson Lisa Finney told USA TODAY for an article that published initially on Wednesday that the company shut down most of its systems “out of an abundance of caution" for customers. By that afternoon, the company indicated it had restored its core document management system and digital retailing solutions, according to the article, which called CDK "one of the leading providers of cloud-based software to dealerships in the country."
Phone and email messages left for Finney on Friday were not immediately returned.
Dealer: 'Rumor is there is some type of ransom demand'
Thad Szott, whose family owns dealerships in Michigan, said at least 50% of the dealers nationwide, whether they sell new or used cars, are struggling with the situation. He sells Ford, Chrysler, Jeep, Dodge, Ram and Toyota vehicles through Szott Auto Group in White Lake, Highland Township, Holly, Waterford and New Hudson.
“All five of our dealerships have been affected dramatically,” said Szott, who was the 2023 chairman of the Detroit auto show. “Two days ago, our operating system, which is a company called CDK Global, had a cyberattack. Rumor is there is some type of ransom demand and they had to shut down the system to make sure there was no data leak. CDK is basically our operating system inside our dealerships that does all of our accounting, supports us working with lease payments, cash prices, look up parts, write up repair orders. Basically, everything that operates inside the dealership on the computer.”
Bloomberg reported late Friday afternoon that CDK planned to pay millions of dollars in ransom to the hackers.
Early Friday, Szott held an hourlong call with his dealership team to figure out how to process sales and run the company the old-fashioned way — with paper. That means taking documents to the Secretary of State in person to process license plates, for example. This is affecting an estimated 15,000 dealers, he said.
“We have been diligently working on workaround solutions,” he said. “Some of it is manual now. But it is much clunkier internally, more cumbersome internally to process simple things like repair orders or work a car deal. … The customer is pretty much business as usual. Internally, there’s a lot going on.”
Szott's brother, Todd Szott, who's one of the family partners in Szott Auto Group and president of the Detroit Area Dealers Association, said the situation, while challenging, isn't as difficult as dealing with an internet outage.
"We used to write and prepare orders by hand. We're doing it now," he said. "We're open. It's a good time to buy a car. It's a little more difficult on our end (but we're) doing our best to make sure the customers don’t experience anything negative."
Todd Szott also noted that DADA is keeping in contact with other dealer groups and "making sure our members are getting the latest information although there's not a lot of information because (CDK Global is) in the middle of the investigation."
National Automobile Dealers Association President and CEO Mike Stanton said in a statement Friday evening that "NADA continues seeking information from CDK on the nature and scope of the cyber incident, so dealers are able to respond appropriately. Thousands of franchised new-car dealerships rely on CDK to run their businesses and this outage has impacted dealers’ ability to provide a seamless customer experience and process transactions efficiently."
Gordon Stewart, whose Stewart Management Group owns Chevrolet dealerships in Garden City, Michigan, and Orange Park, Florida, said his business was thankfully not affected by the attack, but he was well aware of it when the Free Press spoke with him Friday. Stewart's dealerships had used CDK Global's services but switched to another provider some time ago.
He called the attack "an absolute nightmare" for any business to deal with.
The Free Press also reached out to spokespeople for a number of automakers.
Stellantis spokeswoman Shawn Morgan said in a statement that "the CDK situation is evolving. Our dealerships remain open at this time, and we are monitoring it closely with CDK as they work to resolve this issue."
Stellantis owns the Jeep, Ram, Chrysler, Dodge and Fiat brands.
Ford is working with its Ford and Lincoln dealers to minimize the impact of the CDK system outage, spokeswoman Angie Kozleski told the Free Press. “This may cause some delays and inconveniences at some dealers but Ford and Lincoln customers are able to receive sales and service support from impacted dealers due to alternative processes available to the dealers.”
Curt McAllister, a spokesman based in Michigan for Toyota Motor North America, said Friday “we are aware of the situation and will engage with any affected dealers if there’s an opportunity to assist.”
The situation is also having an impact on how dealers submit information to the state.
Cheri Hardmon, spokesperson for the Michigan Department of State, said the department would "support the dealer community through this event and ensure all Secretary of State customers are served in a timely manner. Dealers already have the option to visit branches to drop off paperwork for processing. Some dealerships routinely do this as a normal part of business. Our branches and other customer service areas are ready to assist dealers."
Car buyers should be on the lookout for phishing
Cliff Steinhauer, director of information security engagement for the National Cybersecurity Alliance, which is based in Washington, D.C., said Friday that the situation “doesn’t look good,” and he warned that anyone who has purchased or leased a car could be targeted for identity theft now.
The cyberhack this week, he said, is what we call “a supply chain attack. The dealers are using this third-party software. The dealers themselves aren’t being attacked, but their service provider, CDK, is. So it’s not you being the victim, it’s your vendor. It has cascading effects."
Steinhauer confirmed that some 15,000 dealerships are coping with a breach.
“We’ve seen something like this with health care earlier this year,” he said, which impacted hospitals, pharmacies and doctors’ offices nationwide. “I see parallels between these two. These are a large number of organizations relying on the same service.”
People are urged to take action immediately, Steinhauer advised.
“The nature of the data that dealerships have, they have all of your credit data, your name, address, phone number, Social Security number, birthday — everything a bad actor would need to steal your identity,” he said.
“People should be looking after their credit, checking their reports, locking their credit if possible. I could see enrolling in identity-theft monitoring and insurance. Be vigilant for phishing messages. What will happen when attackers gain a portion of your sensitive data, they may need another thing, like your dog’s name, because they want to reset your password. They will call or text or email and try to get you to respond to give them data they are missing. You want to watch out for phishing attacks.”
Free Press staff writer Jamie L. LaReau contributed to this report.
Contact Eric D. Lawrence: elawrence@freepress.com. Become a subscriber. Submit a letter to the editor at freep.com/letters.
This article originally appeared on Detroit Free Press: Car dealer cyberattack forces some to use paper records
