Car Dealers’ Systems Won’t Be Back Online Until July, CDK Says

Worse yet, scammers are calling dealers posing as CDK employees, wreaking even more havoc.

Hopefully, you weren’t planning to buy a car from a dealership anytime soon. A cyber attack on CDK Global last week—the company that makes cloud-based management software for more than 15,000 dealers in North America—sent auto retailers back to the Stone Age, having to close deals and log service orders with pen and paper. Now, CDK is saying that it won’t be fixed anytime soon.

First, CDK was hit with a single cyber attack, so it shut its servers down. It then brought the core systems back online, after it felt it had a hold on the situation, only for another attack to follow, causing CDK to shut everything down indefinitely.

“We do feel it is important to share that we do not believe that we will be able to get all dealers live prior to June 30. Should you need to make alternate plans for your month-end financial close process, you should do so,” CDK said in an email to customers, according to Automotive News.

According to Bloomberg, the ransomware attacks were done by BlackSuit, a group of Russian and Eastern European hackers, and they’re asking for tens of millions of dollars from CDK to back off. CDK is reportedly ready to pay the ransom, but it’s unclear how customer data has been affected. One customer in Illinois is even reportedly suing CDK for not protecting client data well enough.


Even for dealerships best suited to revert to analog sales, the next few days or weeks could be financially difficult. Not only are most customers too impatient to deal with old-school car buying, but they’ll also lose out on manufacturer rebates or discounts, as CDK’s software handles that. And if customers still do follow through, most dealerships can’t even register the sold cars, forcing customers to take their new purchase to their local Department of Motor Vehicles (DMV). Due to how widespread dealers’ problems are, DMVs are flooded with customers and reportedly turning away walk-ins, leading to massive appointment delays, according to CNN. Ryan Callahan, a sales manager for a Massachusetts Mazda dealership, told the news network that the financial impact of this shutdown could potentially be felt for years.

CDK also warned its dealer clients not to speak with anyone about the shutdown, as shady third parties are looking to swoop in while dealers are at their most vulnerable. Hackers are apparently reaching out to industry personnel, taking advantage of their frustration and confusion, and attempting to get sensitive information.

“We are aware that bad actors are contacting our customers, posing as members or affiliates of CDK, trying to obtain system access,” said CDK, per Auto News. “CDK associates are not contacting customers for access to their environment or systems. Please only respond to known CDK employees and communications.”

There’s no word on exactly when CDK’s software will be back online, nor how far-reaching the effects of these cyber attacks go. But until the dust settles and dealers can prove their data is secure, many would-be car buyers are going to be reluctant to shop.

Got tips? Send ’em to