top of page

Ransomware Attack on Auto Industry Impacts Consumer Experience

The recent ransomware attack on CDK Global has left car dealerships across the nation grappling with severe disruptions, substantially affecting the sales process and customer experience.


RANSOMEWARE

CDK Global, a leading software provider for auto dealerships, was the target of two cyberattacks this week, bringing operations to a standstill. While dealerships like the Grappone Automotive Group in New Hampshire continue to sell and deliver vehicles, the process has become significantly more labor-intensive and time-consuming.

"We're still selling cars and delivering cars. The delivery part of the process, the paperwork part of the process, is going to take us a little bit longer," said Larry Haynes, CEO of Grappone Automotive Group.



Industry-Wide Impact


CDK Global's software is integral to roughly 15,000 dealerships across North America, facilitating critical functions such as title processing, accounting, warranty reimbursements, and technician time-tracking. The back-to-back attacks on CDK have left dealerships scrambling.


Dan Bennett, President of the New Hampshire Automobile Dealers Association (NHADA), highlighted the extensive reliance on CDK’s systems, noting that dealerships face extensive operational setbacks.



Economic Ripple Effects


The auto industry, already struggling with supply chain issues, now faces additional hurdles due to the CDK shutdown. This timing is particularly detrimental given the typically high sales volume during the summer months.


Auto retailers have had to revert to manual processes, leading to significant delays in transactions and services. Tasks such as issuing new titles and license plates have become particularly cumbersome, with dealerships finding workarounds but experiencing slower operations.


"No dealers are shut down. It’s business as usual, but maybe slower,” said Mark Bilek, Senior Director of Membership for the Chicago Automobile Trade Association.



Consumer Inconvenience


For consumers, this breach means longer wait times and potential delays in purchasing vehicles, registering titles, and receiving repair services. The added inconvenience places stress on both customers and dealership employees.

Scott Grove, Director of Operations at Max Madsen Mitsubishi in Aurora, noted that titling and issuing new license plates have been major challenges, adding stress to an already strained situation.



Uncertain Timeline for Resolution


As of Friday morning, CDK Global has not provided an estimated time frame for resolving the issue, stating that systems will likely be down for several days. Customer care support channels remain limited, further complicating the situation for affected dealerships.

CDK’s spokesperson Lisa Finney confirmed that systems had been shut down to investigate the cyber incidents, adding that restoring services without risking further breaches will be a meticulous and careful process.



Sector-Wide Concern


This attack is a stark reminder of the vulnerabilities within critical economic sectors. Previously, the healthcare industry faced similar challenges, such as the ransomware attack on Ascension’s computer systems in May, which disrupted hospital operations significantly.

CDK Global's 2023 cybersecurity report revealed that 17% of auto dealers experienced cyberattacks in the past year, underscoring the growing importance of robust cybersecurity measures in the industry.



Moving Forward


While dealerships adapt to these immediate challenges, the industry must prioritize cybersecurity to prevent future disruptions. The CDK incident highlights the interconnected nature of modern businesses and the cascading effects of third-party vulnerabilities on vast sectors of the economy.


Dealers like Todd Szott of Szott Auto Group in metro Detroit are finding temporary workarounds to keep their businesses operational. However, until CDK fully restores its services, the auto industry will continue to navigate a precarious landscape.



Final Thoughts


This ransomware attack serves as a wake-up call for the auto industry to bolster its defense mechanisms against cyber threats. Meanwhile, consumers must brace for potential delays and disruptions as all parties work towards resuming normal operations. The importance of a resilient and secure digital infrastructure has never been more evident.

Comments


bottom of page