Affected dealers across Canada and the U.S. can’t process vehicle sales or repairs, or order parts by computer
- A pair of cyberattacks targeting software company CDK Global has hobbled about 15,000 dealerships in Canada and the U.S.
- The company’s dealer management system (DMS) software processes everything from sales contracts to service repair orders
- Reports say Russian group BlackSuit may be behind the hack, and are asking for a ransom of tens of millions of dollars, which CDK plans to pay
If your dealership is having trouble servicing or selling a vehicle to you, it could be the result of a recent cyberattack. CDK Global, an Illinois-based company that provides software to some 15,000 auto dealers in Canada and the U.S. to run their sales and service departments, shut down its dealer management systems (DMS) following a cybersecurity attack that appears to have been masterminded by a Russian-based hacking group.
More specifically, CDK shut down its DMS following the attack on June 19, 2024. It brought it back online the next day, but then closed it again following a second attack.
On top of all that, some dealers – including in Canada – have reported getting calls from people claiming to be from CDK technical support. In reality, they’re hackers taking advantage of the situation, and who are trying to get the dealers to reveal passwords into their systems.
Many dealers have gone back to pen-and-paper as they wait for systems to come back up; but in some jurisdictions, dealerships couldn’t even return vehicles to their owners after repairs were done, because local laws won’t let them release a vehicle until the service repair order is closed and it had to be done through the computer.
It seems BlackSuit, a hacking group based in Russia and Eastern Europe, is responsible for the attacks. The group has been known to work with another hacking group called Royal Ransomware, which takes a cut of any ransom paid in return for letting groups use its hacking tools.
According to Bloomberg, the group has demanded tens of millions of dollars from CDK, which plans to pay the ransom. A CDK spokesperson told news outlets it is working with law enforcement and expects to restore the systems “within coming days,” but would not name the hacking group that attacked it.
Bloomberg reports that BlackSuit had previously stolen files from a police department in Kansas; shut down blood donation centres; and stole data from schools and universities in Georgia and Indiana. In 2023, the U.S. experienced a “record-breaking year” for cyberattacks, with more than US$1 billion in ransom paid to cyber-criminals.
The CDK attack is expected to affect vehicle sales at one of the busiest times of the year, when automakers are promoting summer promotions and finishing up their mid-year sales numbers. It’s reported that at least two of CDK’s competitors, Tekion and Reynolds and Reynolds, are offering that company assistance by providing online dealer tools and paper forms for CDK to use.
While CDK Global is headquartered in the U.S., it belongs to a Canadian private equity firm, Brookfield Business Partners. Based in Toronto, Brookfield bought CDK for some $8.3 billion in 2022.
Sign up for our newsletter Blind-Spot Monitor and follow our social channels on Instagram ,Facebook and X to stay up to date on the latest automotive news, reviews, car culture, and vehicle shopping advice.