A recent CDK hack sent a multi-billion dollar industry scrambling

If you’re involved in car dealerships or work in tech, you should care about the details surrounding last week’s CDK hack.

Overhead view of multiple lane highway overpasses

7/17/2024: On June 28th, CDK began the process of restoring operations for dealerships affected in the cyberattack. This started with a small group of dealers, and improvements happened gradually across the thousands of businesses facing problems. By July 4th, all companies were back up and running as usual. It's believed that CDK was forced to pay a hefty ransom fee of $25 million in order to fend off attackers.

Since last week, automotive dealerships across the world have been operating in a state of panic. That’s because CDK, a major player in the world of  dealer management software, has shut down as a result of cyber attacks. A breach by malicious actors brought CDK to an abrupt halt, disrupting standard operations for the thousands of car dealerships that depend on their services. We dove headfirst into this topic, exploring the whos, whats, and whys at the heart of the story. 

What is CDK? 

CDK, or CDK Global, is nothing short of a giant in the automotive industry. Founded in 2014, CDK has since become a global corporation on whom thousands of car, truck, and heavy equipment companies rely to provide business-enhancing technology. CDK designed high-functioning software to manage tasks such as tracking vehicle inventory, making themselves an indispensable resource for car dealerships across the globe.

Using integrated technology, CDK optimizes customer relationship management and manages consumer data. Ironically, CDK software also works to secure client data and shield dealerships from being affected by cyber attacks. Because this corporation offers such a full suite of technological benefits, it’s no surprise its collapse triggered aftershocks throughout the dealership industry. 

How were dealerships affected? 

Following last week’s devastating cyber breach, roughly 15,000 dealerships have been temporarily debilitated. Once dependent on CDK’s software to perform routine business processes, dealership employees are now forced to seek creative alternatives. Many have resorted to a time before the Internet, when pen and paper were used to record transactions.

CDK software is typically responsible for tracking lot inventory and managing auto loans, but these tasks must now be accomplished by harried employees. Now lacking the efficiency customers are used to, car dealerships have seen numerous delays across the board. Subsequently, purchasing a vehicle is a slower, more frustrating process. Likewise, there’s a longer wait for car maintenance due to appointment booking software being down.

Fortune reports that CDK is out tens of millions of dollars, having used these funds to pay the ransom being demanded by hackers. Though the exact numbers are not yet known, these persistent issues are sure to mark a period of decreased profit for all companies involved. A class action lawsuit is already in the works, wherein a group of affected dealerships plan to sue CDK. They allege that the corporation’s negligence is part of what led to the data breach, and it could have been prevented had proper safety measures been put into place.

This lawsuit could cost CDK millions more, further destroying their financial state. Meanwhile, businesses worldwide continue reeling as they face frustrating delays, setbacks, and money loss. As CDK rebuilds in the wake of the attack, thousands of dealerships are also left picking up the pieces. 

Who is responsible for the cyberattack? 

The enigmatic nature of cyber crimes can make them feel especially scary. Hidden behind the anonymity of the Internet, culprits of online offenses adopt an air of mystery. In the case of the CDK cyber attack, not much has been made public about the criminals behind it. As of now, we know the breach was perpetrated by a group called BlackSuit.

Since BlackSuit first appeared in May 2023, this team of cyber criminals has been wreaking havoc on the Internet. Having hacked over 90 organizations around the globe, this group has proven its willingness to victimize companies when they spot a vulnerability. Members of the BlackSuit group are known to confiscate sensitive data and threaten to leak it if compensation is not provided.

In one fell swoop, BlackSuit elicits ransom money and paralyzes the business activity of its victims. When they find a company to victimize, they do so without concern for those affected. 

What can we learn from the attack on CDK? 

Many times, corporations as big as CDK appear invincible. Last week’s cyberattack served as a grim reminder that companies, even large ones, have vulnerabilities that can be exploited. It’s important to think proactively about potential cyber-attacks, so your company can be prepared if and when it’s targeted by someone with bad intentions.

In the aftermath of any large-scale data breach, it’s important to remember the key elements of risk mitigation: employee awareness and data-saving strategies. While no business likes to dwell on the potential of cyber attacks, thorough education is necessary in order to prevent them. If employees are trained to recognize data breach attempts, they’ll be equipped to combat them when they appear.

Phishing, a kind of cyberattack that uses employee emails to extract data, is one common tactic that must be openly discussed so that it can be avoided. Furthermore, companies must remember how crucial it is that all data be backed up. When data is stored this way, the recovery process post-attack will be much smoother. By taking such precautions, companies limit the risk of attack while simultaneously preparing themselves for the worst if it happens. 

Can custom web solutions protect against cyber-attacks?

Though no solution is completely immune to cyber attacks like the one on CDK, there is certainly evidence to support a custom RV web solution as a layer of protection against it. Consider this: why would a group like BlackSuit target a single RV dealership's software suite when they can go after a giant like CDK and take out thousands?

Custom web solutions, like those we offer here at By the Pixel, are also uniquely tailored to the individual business for whom they are developed, from database to front end, making them inherently more time-consuming and difficult to hack into. And if security is a concern, our dev team can add even more layers of protection without having to go through an approval process. 

Learn more at By the Pixel

Like much of the tech industry, we at By the Pixel like staying updated on major trends. Check out our previous projects to see what we’re capable of, and contact us if you need custom website development.