Auto Dealers Write Paper Sales as CDK Global Hit by 2nd Attack in Three Days (bleepingcomputer.com)
7 points by araes on June 21, 2024 | 5 comments


CDK Global Summary from Bleeping Computer

  > "If you are not aware, we experienced an additional cyber incident late in the evening on June 19.
  > We continue to act out of caution, and to protect our customers, we have taken down most of our systems.  Do not attempt to access the DMS until we can confirm the system is secure. Digital Retail and CDK phones continue to be functional.
  > At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available likely for several days."

From CNN: https://www.cnn.com/2024/06/21/business/cdk-global-car-deale...

  > “My selling team can hand-write a buyer’s order,” said Brian Benstock, general manager of Paragon Honda and Paragon Acura in Long Island City, New York.
  > But salespeople could lack access to customer agreements that had been previously negotiated, making it harder to close those sales, dealers CNN spoke with said. There’s more than just the negotiated price of the car involved, since these agreements can involve rebates and incentives, some of which customers must show they’re qualified for.

From TheDrive: https://www.thedrive.com/news/auto-dealers-nationwide-go-bac...

  > CDK Global provides sales and service data for 15,000 auto dealers in the U.S. and jumps to a total of 30,000 when accounting for truck dealers, per Auto News. CDK Global “dominates its market by a wide margin”.

From Fast Company: https://www.fastcompany.com/91144194/cdk-global-cyberattack-...

  > [CDK Global]'s “core” product, the dealer management system — is a software hub that allows car dealerships to track all sales operations in one place.
  > The cyber incidents impacting CDK come just a week after Findlay Auto Group, which operates dozens of dealerships in six states, announced that a recent cybersecurity issue had impacted its IT systems.

Further context from Reddit: https://www.reddit.com/r/Justrolledintotheshop/comments/1djl...

  > [magnanimous_rex] "Excel spreadsheets and post it notes for any parts we’re handing out. Any big jobs are not happening"

https://old.reddit.com/r/askcarsales/comments/1dk88un/anothe...

https://www.reddit.com/r/serviceadvisors/comments/1dk8uh8/th...


6/22/2024 update: Software company plans to pay tens of millions in ransom to hackers who crippled car dealerships across North America

https://fortune.com/2024/06/22/cdk-ransomware-attack-payment...

https://archive.ph/TAwVv


Since you're the only response @smcin (thanks for the update)

Further 6/25/2024 Update: Ransomware being demanded by group called Blacksuit (sounds like a wealth management company). Apparently believed to be a rebrand of the Royal ransomware operation, which is believed to be the direct successor of the notorious Conti cybercrime syndicate. https://www.bleepingcomputer.com/news/security/cdk-global-ou...

> In June 2023, the Royal Ransomware operation began testing a new encryptor called BlackSuit amid rumors that they planned to rebrand under a new name after they attacked the City of Dallas, Texas. Since then, attacks under the Royal name have disappeared, with the threat actors now working under the BlackSuit name.

> In November 2023, the FBI and CISA revealed in a joint advisory that Royal and BlackSuit share similar tactics and coding overlaps in their encryptors.

Many major automotive dealership and supply companies have filed SEC Form 8-Ks notifying shareholders of a "significant disruption to activities." These include: Group 1 Automotive, Sonic Automotive, Penske Automotive Group, Lithia Motors, and Asbury Automotive Group. https://www.theregister.com/2024/06/24/the_number_of_cdk_cus...

> According to Group 1 Automotive's filing, CDK told customers that recovery will be a matter of days rather than weeks

Other sites are skeptical of the link, because "as of Monday, CDK Global is not yet listed on the BlackSuit gang's dark web site, where the group would publicly list its victims to shame them into paying a hefty ransom" and CDK still will not respond. https://www.axios.com/2024/06/24/blacksuit-ransomware-cdk-gl...

People can buy cars (sometimes), yet often cannot register the car even after purchase or sign the title. https://www.cnn.com/2024/06/25/business/car-dealership-cdk-c...

> customers started being told that (the RMV) wasn’t taking any walk-ins,” he said. “They were probably getting flooded with customers and started turning people away.” Deveney said one customer got increasingly agitated because he couldn’t register his car. “Getting an appointment might take three or four days, and in that time they aren’t really able to drive their cars,” he added. ... “Today… I sent 21 registrations to be done manually at the Massachusetts RMV,” she said, adding that the RMV won’t accept transactions from dealership employees.

> Don Aycock told CNN he drove 90 miles round-trip from his home to a car dealership in Clay County, Florida, to buy a new Buick on Thursday, a day after the CDK shutdown. He told CNN he was able to buy the car but was unable to sign the title.

Class Action lawsuits are already starting. https://qz.com/cdk-global-sued-personal-data-cyberattack-185...

> Yuriy Loginov filed a potential class-action suit in the U.S. District Court in the Northern District of Illinois on Saturday, claiming CDK failed “to implement reasonable and industry standard data security practices to properly secure, safeguard, and adequately destroy Plaintiff’s and Class Members’ sensitive personal identifiable information.”

The amount of personal information stolen is enormous, and possibly one of the largest thefts ever. Digital Deal Jackets includes an eLibrary with 8,500 different document types with at least: Customer ID (driver's license, etc.), Disclosure of Known Defects (VIN, title, origin, registration cards, carfax reports, vehicle photos, shipping docs), Buyer's Guide, Payment Instrument (loan agreement, credit application, payment terms, proof of insurance coverage, trade-in vehicle, bill of sale, current loan account balance, ePayments and wallets), OFAC (Specially Designated Nationals and Blocked Persons list) Search https://www.autoremarketing.com/subprime/cdk-global-release-...

Not CDK, yet Deal Jacket example from another vendor: https://autodealerpro.com/wp-content/uploads/2013/12/digital...

This may also lateral into a huge host of "lenders" https://www.cdkglobal.com/lenders

Reddit has a decent amount of discussion, and most doesn't look great. Specifically industries other than cars, lack of ability to quickly switch, chain of products that need to be disabled, dealers are likely "insurance perspective responsible" (it means that the dealership - NOT CDK - will need to provide breach notification) [1r][2r][3r]

> "I have worked at two tractor dealerships and am currently at a heavy equipment/construction dealership and all use cdk." [...] "Heavy equipment is affected as well. It's not a fun time, especially with 20+ equipment and attachment manufacturers under one roof." [...] "Not just car dealerships but affecting hundreds of big rig truck dealerships that use cdk." [...] "I work in a farm equipment dealership, we just installed CDK in April. We decided on CDK in August 2023...April 15th was the earliest they could set us up. You're looking at months to move to a new system, at minimum." (from a different article: "CDK works closely with the leading agriculture equipment distributors including AGCO, Bobcat, Ditch Witch, John Deere, Kubota and CNH.") [...] "I work an international dealership and we’re struggle bussing."

> Even if your dealership lawyers tore apart contracts for breach of service and FTC vendor violations you can't migrate away. No system to import into DT or R&R or whatever from, you'd have to start entirely from scratch and do a full inventory start to bottom which (between fighting to get out of contract, signing new DMS contract, onboarding, learning new DMS, and doing full PI) is likely as long or longer than sticking with CDK.

> CDK Drive Updates rely on software called CDK SIA and another piece of software called Adaptiva which is installed on every computer that uses CDK Drive. If SIA or Adaptiva gets breached or has gotten breached they could remotely install malware on every computer that has CDK on it.

> (From insurance industry commentator) CDK is likely the data holder, but the dealership is probably the data owner. If any information of the client's dealership was acquired, it means that the dealership - NOT CDK - will need to provide breach notification, credit monitoring etc. [...] The dealerships need to work with their insurance guy to determine if this incident qualifies as a reportable, "circumstance." Failure to report a circumstance before renewal could later lead to a declination of coverage for this event. There are a few cyber insurers I know of that concentrate in this space. Large dollars on the line could easily lead to these insurers denying coverage later on to save their bottom line.

[1r] https://www.reddit.com/r/partscounter/comments/1dmbmy7/the_c...

[2r] https://www.reddit.com/r/serviceadvisors/comments/1djisf5/cd...

[3r] https://www.reddit.com/r/msp/comments/1djqnj3/any_of_your_ca...


Eerie to not see much discussion of this or the 500m-person TicketMaster data breach.

Is it in part because Blacksuit/Conti are partially based in Russia?


I only heard about this today

Data breaches of huge scale are humdrum nowadays



