Dozens of metro Detroit car dealers impacted by cyberattack on software company

Posted at 11:47 PM, Jun 19, 2024

DEARBORN, Mich. (WXYZ) — A cyberattack on a little-known company to most Americans is having a huge impact on car dealerships — and potentially their customers — nationwide.

CDK Global is a software company used by 15,000 car dealerships. Early Wednesday, it shut down its own systems to investigate a cyber incident.

Many of those systems were back up and running as of Wednesday night, but dealerships using CDK couldn’t finalize sales all day long. The full impact on customer data is still unknown.

Village Ford Tent Sale

At Village Ford in Dearborn, this week is the 40th annual Tent Sale. Signs and flamingos were lined up along Michigan Avenue in front of the store, and the sales people were all dressed in Hawaiian shirts.

The sale is their biggest sale of the year, and they're dealing with a cyberattack in the middle of it.

“Could have picked a better week for this to happen, but we're working through it,” general sales manager Jay Sturtz said. “It really hasn't been too bad of an impact today. If it would last longer, we’d run into some trouble.”

Screenshot 2024-06-19 at 11.51.30 PM.png

Sturtz says CDK is essentially an operating system for dealerships that use it to do everything from accessing servicing records to electronically filing vehicle titles. They still made nearly 20 car sales Wednesday, but none of the drivers were able to leave with their new car as the sales weren't able to be finalized.

"For us in the sales department, the biggest thing was just not being able to type up the contracts," Sturtz said. "We were able to work deals, calculate payments, do everything up to the end of the sale.”

Screenshot 2024-06-19 at 11.54.09 PM.png

"It's been a rough day for most dealers... Over 60% of our members are on CDK," said Robert Weller, general counsel for the Detroit Auto Dealers Association. "I think we're in pretty good shape now but had it gone on longer, it would've been worse.”

Rachel McNealey, an assistant professor in the School of Criminal Justice at Michigan State University, says it's popularity and success among dealers makes it a target since they have access to a large number of customer data.

Screenshot 2024-06-19 at 11.55.32 PM.png

“When you have these software and service companies that are the default or go-to for entire industries, that becomes an attractive target,” McNealey said. “Collecting data, especially in large amounts, is money. You can sell it, people will buy it, not just on the dark web but on the clear web.”

This attack comes on the heels of another cyber attack on Ascension Health, which has impacted the hospital system and their computers for weeks. McNealey says attacks are becoming more common.

VIDEO: Ascension says massive cyberattack started after employee clicked malicious file

Ascension updates ransomware attack recovery

"Something that struck me is the diversity in targets now," McNealey said. "We're seeing movement from government agencies and really big corporations that are typically affiliated with financial information, to these more day to day types of businesses that carry customer information.”

In response to an email inquiry, CDK sent a statement that said:

“As we’ve communicated previously, we are currently investigating a cyber incident. Erring on the side of caution, we proactively shut all systems down and executed extensive testing and consulted with external third-party experts.

With the work done so far, our core DMS and Digital Retailing solutions have been restored. We are continuing to conduct extensive tests on all other applications, and we will provide updates as we bring those applications back online.

Our first priority is always the security of our customers, and our actions reflect our obligation to them as a trusted partner.”

Lshaun Lloyd was buying a car for her daughter at Village Ford and didn’t notice anything was wrong until we asked for an interview and explained what had happened.

“How are they ever going to keep it safe? Because they're always attacking," Lloyd said. "Whether it's here, Target, anywhere. It seems like every so often, everyone is getting hit.”

Screenshot 2024-06-19 at 11.57.28 PM.png

It's still unclear whether any CDK data was breached in the attack. Lloyd hopes her data is safe, having shopped with Village Ford before. She said she's never been victim of identity theft before.

“I better knock on wood just in case," Lloyd said.

As for the dealership, they’re still celebrating the Tent Sale while hoping CDK’s data is safe and the full system comes back on soon.

“Our first priority is making sure we protect people’s privacy, identities," Sturtz said. "If CDK felt they needed to shut down to do that and figure out what’s actually going on, we’re OK with that.”