CDK Global said most of its core dealership management system functionality has been restored after it shut down most of its systems around the country in response to an early morning cyberattack June 19.
“As we’ve communicated previously, we are currently investigating a cyber incident,” a CDK statement said. “Erring on the side of caution, we proactively shut all systems down and executed extensive testing and consulted with external third-party experts. With the work done so far, our core DMS and Digital Retailing solutions have been restored. We are continuing to conduct extensive tests on all other applications, and we will provide updates as we bring those applications back online. Our first priority is always the security of our customers, and our actions reflect our obligation to them as a trusted partner.”
In an afternoon update CDK sent to its customers, the company explained its progress in greater detail.
“With the work done so far, we have determined that DMS, Digital Retail and CDK Phones were not affected in this incident and they have been restored. Both Unify and DMS direct login access are available.”
The executive shared a screen shot of the message CDK sent to dealership customers. It reads, in part:
"Critical Situation update - Dear Valued Customers, we are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems. We are currently assessing the overall impact and currently have no ETA. Please know our teams are working hard to get everything up and running and we will update as information is available. Sincerely, CDK Customer Care."
The message was sent to customers experiencing any issues as well as dealerships who "have the potential to experience the issue and have signed up for critical alerts," CDK said.
CDK's message outlined specific products affected by the shutdown. They include: CDK Service, Common Admin, DRIVE, Drive Workflow Menu, Fortellis, Fortellis Integration Portal, Global Content Management, Intelligence Suite, Modern Retail CRM, Modern Retail Digital Retail, Modern Retail eSign and MyInstall Dealer Portal.
Erik Nachbahr, president of cybersecurity services provider Helion Technologies, said that CDK is taking the right steps to address a cyberattack when it strikes.
“While we don’t yet know the details of the incident, CDK has taken the step to in their words, 'shut down the majority of our systems.' Disabling computer and software systems is a dramatic yet critical step to contain and assess any cybersecurity related incident,” Nachbahr said. “The vulnerability of a software provider such as CDK underscores the dramatic rise in cyberattacks and the need for dealers to take their own cybersecurity seriously.”
The CDK attack comes a little over a week after Findlay Automotive Group was hit by a cybersecurity attack that hampered some of its sales service and operations, impairing operations for days.
A dealer in the Northeast who is a CDK customer and asked not to be identified said people may rush to criticize the DMS giant but should be mindful “that the issue is part of the world we live in today and likely to happen to them at some point. We all have to be vigilant,” the dealer said.
CDK's dealership management system serves close to 15,000 dealership locations, according to its website. That number jumps to 30,000 when trucks are factored in. Now a private company, analysts believe it dominates the market by a wide margin.
The temporary DMS shutdown had dealerships scrambling to continue selling cars and servicing vehicles. But many said business was not interrupted much.
“People these days seem to have forgotten how to use a pencil,” Ed Morse Automotive Group CEO Teddy Morse said. “We can still take the customer's information; we can still write down their concerns. We can still take a piece of paper and walk it over to the technician and get the job done.”
Allie Peters, vice president of fixed operations for Cavender Auto Group in San Antonio, said things have been rather normal on the service side at its eight rooftops. She said one of her managers early in the day asked if they should be turning customers away. She told him absolutely not.
“We’re rockin’ and rollin’,” Peters said. “But the reality is if it goes on for much longer then it gets extremely inconvenient. Right now, it’s only a little bit annoying.”
Peters said her service departments relied on other programs such as Xtime and myKaarma to check customers in and collect payments.
Repair orders were being written by hand and parts looked up online. She said once CDK is up and running as usual again then those repair orders and parts purchases will have to be logged into the system.
She said some of the group’s employees have been working in dealerships long before computers.
“One of them said to everyone, ‘We’re doing this old-school today,’ ” Peters said.
A Midwestern dealership executive who asked that his name not be used because of CDK contractual requirements on information disclosure said the company first sent a message about the system being down around 2 a.m. Eastern time. A second message referring to the system shutdown as a "cyber incident" was posted around 8 a.m.
Dan Shine, senior retail editor, and staff reporter Julie Walker contributed to this report.
*This article was originally published on Automotive News.