North American car dealerships return to pen and paper after cyberattacks on software vendor


NEW YORK (AP) — North America’s auto dealerships are still grappling with major disruptions that began last week with cyberattacks on a company whose software is widely used in the automotive retail industry. automobiles.

CDK Global, a company that provides software to thousands of car dealerships in the United States and Canada, was hit by back-to-back cyberattacks on Wednesday. This led to an outage that continued to impact operations.

For potential car buyers, that meant delays at dealerships or handwritten vehicle orders. There’s no immediate end in sight, but CDK says it expects the restoration process to take “several days.”

On Monday, Group 1 Automotive Inc., a $4 billion auto retailer, said it was using “alternative processes” to sell cars to its customers. Lithia Motors and AutoNation, two other dealership chains, also revealed that they have implemented workarounds to maintain their operations.

Here’s what you need to know.

What is CDK Global?

CDK Global is a major player in the automobile sales sector. The company, based just outside Chicago in Hoffman Estates, Illinois, provides dealers with software technology that helps them with their daily operations, such as facilitating vehicle sales, financing, insurance and repairs. .

CDK serves more than 15,000 retail locations in North America, according to the company.

What happened last week?

CDK suffered back-to-back cyberattacks on Wednesday. The company shut down all of its systems after the first attack out of an abundance of caution, according to spokeswoman Lisa Finney, then shut down most systems after the second.

“We have begun the restoration process,” Finney said in an update over the weekend, noting that the company had launched an investigation into the “cyberincident” with third-party experts and notified law enforcement.

“Based on the information we have at this time, we anticipate that the process will take several days and, in the meantime, we continue to actively engage with our customers and offer them alternative ways to conduct their business “, she added.

In messages to its customers, the company also warned of “bad actors” posing as CDK members or affiliates to try to gain access to the system by contacting customers. He urged them to be wary of any phishing attempts.

The incident had all the hallmarks of a ransomware attack, in which targets are asked to pay a ransom to access encrypted files. But CDK declined to comment directly – neither confirm nor deny whether it had received a ransom demand.

“When you see an attack like this, it’s almost always a ransomware attack,” Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. “We unfortunately see it again and again, (especially over) the last couple of years. No industry, organization or software company is immune.

Are the affected dealers still selling cars?

Several major automakers — including Stellantis, Ford and BMW — confirmed to The Associated Press last week that the CDK outage had affected some of their dealerships, but that sales operations were continuing.

In light of the current situation, a Stellantis spokesperson said Friday that many dealers have moved to manual processes to serve customers. This includes writing orders by hand.

A Ford spokesperson added that the outage could cause “delays and inconvenience to some dealers and customers.” However, many Ford and Lincoln customers still receive sales and service assistance through alternative routes used at dealerships.

“People who have been around longer – you know, guys who maybe have a little salt in their hair like me – we remember how to do it before computers,” said John Crane of Hawk Auto Group, a company in Westmont, Illinois. based dealership operator that uses CDK. “It’s just a few extra steps and a little more time.”

Although the affected Hawk Auto dealerships are still able to serve their customers by “getting back to basics,” Crane added that those working in administration are still “pulling our hair out.” He notes that there are now stacks of paper waiting to be processed – instead of orders that went through a computer automatically overnight.

Group 1 Automotive Inc. said Monday that the incident disrupted its business applications and processes in its U.S. operations that rely on CDK dealer systems. The company said it has taken steps to protect and isolate its systems from the CDK platform.

In their regulatory filings, Lithia Motors and AutoNation revealed that last week’s incident at CDK also disrupted their operations.

Lithia said it activated cyber incident response procedures, which included “breaking business service connections between the company’s systems and those of CDK.” AutoNation said it has also taken steps to protect its systems and data, adding that all of its sites remain open “albeit with reduced productivity” as many are served manually or through alternative processes.

HOW CAN I PROTECT MYSELF?

While many details about the cyberattacks remain unclear, customer privacy is also a priority – especially since little is known about what information may have been compromised this week.

If you bought a car from a dealership that uses CDK software, cybersecurity experts stress that it’s important to assume that your data may have been breached. This could potentially include “some pretty sensitive information,” Steinhauer noted, like your Social Security number, employment history, income and current or former addresses.

Affected people should monitor their credit – or even freeze their credit as an extra layer of defense – and consider purchasing identity theft insurance. You will also need to be wary of any phishing attempts. It’s best to make sure you have reliable contact details for a company by, for example, visiting its official website, as scammers sometimes try to take advantage of information about data breaches to gain your trust through emails or similar phone calls.

These are some best practices to keep in mind, whether or not you are the victim of a CDK data breach, Steinhauer said. “Unfortunately, these days our data is a valuable target – and you need to make sure you take steps to protect it,” he said.

___

Associated Press writer Mike Householder in Detroit contributed to this report.





Source link

Leave a Comment

Your email address will not be published. Required fields are marked *