CDK Global says its dealer management system should be back online Wednesday evening or Thursday morning, about two weeks after the software provider was hit by an outage. successive cyber attacks last month.
“We are continuing our phased approach to the restoration process and are quickly bringing dealers live on the Dealer Management System (DMS),” the company said in a statement. “We expect all dealer connections to be live on Wednesday evening, July 3 or Thursday morning, July 4.”
CDK, which serves nearly 15,000 auto dealers in North America, was first hit by an attack in the early morning of June 19, forcing it to shut down its systems, which dealers rely on to conduct most of their routine business. A second “cyber incident” occurred later that evening.
Car and truck dealers in the US are forced to find alternative ways of doing businessas they now no longer have access to CDK’s suite of services such as e-signing and appointment scheduling tools. Some even have no access to customer data. Major dealerships such as AutoNation, Lithia Motors and Sonic Automotive have been affected.
The six largest U.S. public dealerships — which include those three companies, as well as Asbury Automotive and Group 1 — are likely to see a 10% drop in second-quarter profit because of the disruptions, analysts at J.P. Morgan said. The sixth company, Penske Automotive, has said it is using CDK systems only for its Premier Truck Group.
Due to the disruptions, a “significant number of sales” that were due to take place in June are expected to take place later this month, according to JD Power. Losses from the disruptions could total $944 million if they are not resolved by July 6, according to Michigan-based Anderson Economic Group. Automotive news.
The cyberattack on CDK was launched by the BlackSuit ransomware gang, according to BleepingComputerwhich demanded tens of millions of dollars in ransomThe group was common knowledge last apriland earlier this month hundreds of stolen files published from a Kansas police department that refused to pay the ransom.
In addition to the general implications for CDK and the dealers it serves, the software vendor is faced with at least two potential class action lawsuits in federal court by people who claim the company failed to protect their information. The lawsuits seek damages, that CDK must increase its efforts to protect personal information, and that it must delete all personally identifiable information related to the plaintiffs.