Update added to bottom of the article.
Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in anprevious cyberattack.
CDK Global is a software-as-a-service platform that provides a full suite of applications to handle a car dealership's operation, including sales, back office, financing, inventory, and service and support.
CDK became aware that they were breached Tuesday night, causing them to shut down their data centers, IT systems,and login systems.
The attack led to a massive outage as car dealerships could not conduct their normal operations, including servicing or selling vehicles.
Last night, the company had begun to restore services, bringing their Unifi modern login service back online, though other systems were still being restored.
Unfortunately, as CDK was restoring its services, they were once again forced to shut down their systems after suffering another breach late yesterday evening.
"We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th," reads a CDK notification seen by BleepingComputer.
"Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts."
Brad HoltonofProton Dealership IT, owned by CDK-competitor Reynolds and Reynolds, told BleepingComputer that all of his customers remain down today, with little information being shared by CDK about the incident with customers.
The outages are affecting some of the largest automotive dealers in the world, such as Penske Automotive Group, who says it has impacted theircommercial truck dealershipPremier Truck Group.
"Our Premier Truck Group business utilizes CDK, and its systems are disrupted. The commercial truck dealership business has lower volumes than the automotive business and principally serves business customers,"Penske Automotive Group told BleepingComputer.
"Premier Truck Group has implemented its business continuity response plans and continues to operate through manual processes developed to respond to such incidents."
A more recent update from CDK , as seen by BleepingComputer, says they aim to bring systems back online on Friday, June 21.
However, cybersecurity and IT professionals in the automotive industry have told BleepingComputer that they believe CDK is moving too fast in bringing services back online, potentially increasing the risk to its customers.
While the outages are significantly impacting the car sales industry, there is concern that CDK is not properly investigating the scope of the breach before bringing servers back online.
Not properly mitigating a breach could lead to further cyberattacks, as evidenced by last night's second breach, and a greater risk of theft of customer data.
Car buyers and owners are impacted, too
While this is affecting car dealerships, it is also affecting customers who want to purchase a new car or service an existing one.
BleepingComputer was contacted by multiple customers yesterday who attempted to purchase a car, only to be told that systems were down and that they could not be helped.
As the entire process for purchasing a car, including inventory, vehicle registration, and financing, is handled by CDK's platform, dealerships cannot conduct sales or are forced to manual processes.
Similar stories were shared by car owners looking to service their cars, with dealerships warning that there would be delays in receiving parts due to systems being down.
Update 6/20/24 1PM ET: A new CDK status update, shown below, says that they are no longer able to provide an estimate as to when systems will be restored, and the outage will likely continue for several mode days.
"If you are not aware, we experienced an additional cyber incident late in the evening on June 19.
We continue to act out of caution, and to protect our customers, we have taken down most of our systems. Do not attempt to access the DMS until we can confirm the system is secure. Digital Retail and CDK phones continue to be functional.
At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available likely for several days.
As of now, our Customer Care channels for support remain unavailable as a precautionary measure to maintain security. It is a high priority to reinstate these services as soon as possible.
Along with the Critical Situation emails, we are providing updates in Unify and have two phone numbers to contact CDK for the latest recorded update." - CDK Global
CDK Global spokesperson Lisa Finney told BleepingComputer that the company is working with third-party experts to restore services as soon as possible.
"Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems," Finney told BleepingComputer.
"In partnership with third party experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible."
Related Articles:
CDK warns: threat actors are calling customers, posing as support
CDK Global cyberattack impacts thousands of US car dealerships
CDK Global outage caused by BlackSuit ransomware attack
AI platform Hugging Face says hackers stole auth tokens from Spaces
Ascension redirects ambulances after suspected ransomware attack
