cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Cyber attack stalls operations for as many as 15k car dealerships

As many as 15,000 car dealerships across the US have been prevented from conducting business after a cyber attack crippled software provider CDK Global.

user icon Daniel Croft
Thu, 20 Jun 2024
Cyber attack stalls operations for as many as 15k car dealerships
expand image

The company provides software for car dealership operations, such as CRM, payroll, support and service, inventory, financing, sales and more. General Motors dealerships and Group 1 Automotive are just two of its customers.

CDK Global announced on Wednesday (19 June) that it had detected a cyber attack on its systems.

“We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems,” CDK spokesperson Lisa Finney said in a statement seen by media.


“We are currently assessing the overall impact and currently have no ETA.”

“We are continuing to conduct extensive tests on all other applications, and we will provide updates as we bring those applications back online.”

Later on Wednesday, CDK’s core document management and digital retail systems were restored.

While the exact number of dealerships affected by the incident was mentioned, CDK said it services almost 15,000 car dealerships with its software-as-a-service (SaaS) platform.

According to media reports, employees have raised concerns regarding the potential for threat actors to gain control of car dealerships’ internal networks.

CDK Global’s software requires car dealerships to configure an always-on VPN for its data centres so the platform can be accessed by locally installed applications. According to BleepingComputer, the platform has administrative privileges used to update the software, which could be leveraged to control the network.

CDK has advised that its customers disable the VPN for the time being.

At the time of writing, Cyber Daily has not been able to identify the threat actor behind the attack.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.