Nationwide cyberattack impacts dozens of Iowa car dealerships

Kyle Werner and Bailey Schulz, Des Moines Register
·4 min read

A cyberattack has shut down automated systems at car dealerships across the U.S., including in Iowa, leaving them to find other ways to continue operations.

CDK Global, a provider of software used by over 15,000 dealerships across the country, shut down most of its systems “out of an abundance of caution" for its customers after the Wednesday attack, according to CDK spokesperson Lisa Finney. The company said it restored some systems that afternoon, but shut down most of them once again after it was hit with an additional cyberattack later that evening, according to a letter to customers.

"Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems," the letter said. "We are currently assessing the overall impact and consulting with external 3rd party experts."

More: EPA urges water utilities to protect nation's drinking water amid heightened cyberattacks

The company did not have an estimated time frame for when systems would be back up. Dealerships continued to report issues with CDK systems on Friday. It is not known exactly how many dealerships were affected by the attack.

In Iowa, according to Bruce Anderson, president of the Iowa Automobile Dealers Association, a quarter of around 270 new car dealerships acrpss the state were still being affected as of Friday. Dealerships specializing in heavy-duty trucks and motorcycles also may be affected.

More: Hospitals across US disrupted after cyberattack targets healthcare titan Ascencion

But Anderson said the dealerships' customer information should be safe.

"A feature of CDK is that dealers have to encrypt their information as a requirement of federal law," Anderson said. "While it may be compromised by an outside actor shutting down access to it, it's encrypted in multiple levels of security that would keep it from being able to be deciphered and accessed."

He said customers have no reason to be worried about the cyberattack.

"It appears that's kind of a frequent cyberattack method operation that is used to disrupt a business's functionality and then agree to restore it or to back away in exchange for a ransom of some type," he said.

CDK has not confirmed whether a ransom has been demanded, but Bloomberg, citing a person familiar with the situation, reported a group associated with the attack was demanding tens of millions of dollars.

What does CDK Global do?

One of the leading providers of cloud-based software to dealerships in the country, CDK's software helps dealerships manage vehicle acquisitions, sales, financing, insurance, repairs and maintenance.

The company's website says it offers a “three-tiered cybersecurity strategy to prevent, protect and respond to cyberattacks.”

How are Iowa dealers being impacted?

Anderson noted that other software providers are offering immediate access to their systems for dealerships while CDK has suspended its operations.

The software enables the processing of forms, sales transactions, appointment scheduling and other functions.

"CDK is the backbone of our business," said Jason Willis, CEO of Willis Automotive in Des Moines and vice chair of the dealer association. "When we found out about it, we immediately severed our lines of communication from a computer standpoint, put our firewall in, and our customers' information and data are 100% secure."

More: Feds launch hunt, offer $10 million reward for Russian ransomware mastermind

As with many dealerships, Willis Automotive has meanwhile reverted to pens and paper to maintain operations.

"We really just moved back into taking care of customers in the service department and on the sales side with pen and paper and a few other workarounds with other software," Willis said. "We have to continue running our business.

"The biggest impact is efficiency," he added. "The speed at which we do business has slowed down. Our guests are still being taken care of. The write-up process just takes a little longer as we're writing down the information instead of typing it in."

Anderson said he doesn't expect the outage to linger.

"Auto dealers are resourceful. This is day three of this attack, and they've figured out the workarounds," he said. "While this is a headache, I think it probably will be a short-term headache."

Why are car dealerships targeted by cyberattacks?

The incident follows another recent cyberattack against Findlay Automotive Group, which operates in Arizona, California, Idaho, Utah and Oregon. The dealership said the attack restricted its ability to conduct sales and service, according to the Las Vegas Review-Journal.

A 2023 report from CDK notes that cybercriminals are a growing threat to car dealerships, with 17% of 175 surveyed dealers experiencing a cyberattack or incident within the past year, up from 15% the year prior. Of those dealers, 46% said cyberattacks had a negative financial or operational impact.

Dealerships have been an attractive target because of the vast amounts of sensitive customer data, from credit applications to financial information, they hold, according to a 2023 article from insurance company Zurich North America.

"CDK does a great job, and we're confident that when it comes back up, they'll continue to be a great provider," Willis said. "We just need to continue to do business in the way that we know how, and take care of our guests and we'll come out the other side."

Kyle Werner is a reporter for the Register. Reach him at kwerner@dmreg.com.

This article originally appeared on Des Moines Register: Iowa car dealerships affected by CDK Global cyberattack