Blog - Secure Compliance Solutions

CDK Global Ransom Attack: What You Need to Know

Written by Anya Fernandez | August 22, 2024

On June 18th and 19th, CDK Global, a leading provider of dealership management systems (DMS), experienced significant cyberattacks. The breaches affected thousands of car dealerships across the United States, leaving both dealerships and customers struggling. CDK’s DMS, essential for sales and financing, was offline for almost two weeks. 🚨

The Incident Unfolds

What Happened?

On Wednesday, June 19, CDK Global reported a cybersecurity breach, necessitating a system shutdown. While some systems were briefly restored that afternoon, a subsequent attack later that evening forced another shutdown. The Eastern European group BlackSuit claimed responsibility, demanding tens of millions of dollars in ransom.

The Ransom Payment and Its Potential Cost

CDK Global reportedly paid a ransom to regain control of their systems. Although the exact amount has not been disclosed, industry experts estimate that such payments range from $10 million to over $30 million. However, the financial impact goes beyond the ransom:

  • Operational Downtime: Disrupted services for nearly two weeks
  • Lost Business: Interrupted sales and services for dealerships
  • Potential Fines: For data breaches and non-compliance
  • Reputational Damage: Long-term impact on customer trust

These factors combined could lead to losses in the hundreds of millions.💸

How Did Hackers Get In?

The attackers exploited system vulnerabilities and used phishing and social engineering tactics to breach CDK Global’s environment. By planting backdoors, they facilitated further unauthorized access during the system restoration process, allowing BlackSuit to take CDK’s DMS offline immediately after its restoration.

Impact on Dealerships and Consumers

Impact on Dealerships

CDK Global’s SaaS solutions, including their DMS software, managed essential operations like sales, title work, financing, services, and parts orders for 15,000 car dealerships. The breach affected approximately 50% to 60% of U.S. dealerships, forcing many to revert to manual processes. Tom Maoli, owner of Celebrity Motor Car Company, reported significant delays, with some customers unable to complete transactions and cars stuck in limbo at dealerships. 🚗

Implications for Consumers

  • Personal Data Security: Purchasing a car involves sharing extensive personal information—addresses, phone numbers, and financial details. Data breaches can compromise this sensitive information, exposing consumers to identity theft and financial harm.
  • Service Disruptions: Planning to buy a car or schedule routine maintenance? Delays were inevitable. Dealerships managing appointments and sales manually faced longer wait times, rescheduled services, and potential non-compliance with financial laws.

Trust in the Digital Age

While virtual services offer convenience, they also come with increased cyber risks. Cyberattacks erode trust in both SaaS providers and the businesses that depend on them. As data breaches become more frequent, consumers grow wary of who holds their personal information. Companies like CDK may lose business to competitors due to shaken confidence. 😔

A Growing Threat

This incident reminded us that no industry, company, or individual is immune to cyber threats. Cliff Steinhauer, Director of Information Security and Engagement at the National Cybersecurity Alliance, emphasized that such attacks are increasingly common, affecting diverse sectors from healthcare to education.

Protecting Against Third-Party Risks

What Can You Do?

  • Scrutinize Vendors: Evaluate the cybersecurity practices of your SaaS vendors. Look for regular security assessments and compliance with industry standards.
  • Implement Controls: Ensure robust access controls and continuous monitoring to detect unauthorized activities promptly.
  • Incident Response Plans: Establish comprehensive incident response plans to swiftly mitigate breaches involving third-party systems.

Take Action: Scrutinize your vendors now, implement strong controls, and have a solid incident response plan in place.

Let this serve as a call to vigilance in protecting personal data and understanding the widespread impacts of cyberattacks on everyday services.

Need help with cybersecurity for your business? We're here to answer your questions and make sure you stay safe.
Call 708-593-3516 or email us info@scsprotect.com

 

SOURCES

CBS NEWS
Reuters