CDK Global hacked again while recovering from first cyberattack
Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in a previous cyberattack.
CDK Global is a software-as-a-service platform that provides a full suite of applications to handle a car dealership's operation, including sales, back office, financing, inventory, and service and support.
CDK became aware that they were breached Tuesday night, causing them to shut down their data centers, IT systems, and login systems.
The attack led to a massive outage as car dealerships could not conduct their normal operations, including servicing or selling vehicles.
Last night, the company had begun to restore services, bringing their Unifi modern login service back online, though other systems were still being restored.
Unfortunately, as CDK was restoring its services, they were once again forced to shut down their systems after suffering another breach late yesterday evening.
"We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th," reads a CDK notification seen by BleepingComputer.
"Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts."
Brad Holton of Proton Dealership IT, owned by CDK-competitor Reynolds and Reynolds, told BleepingComputer that all of his customers remain down today, with little information being shared by CDK about the incident with customers.
The outages are affecting some of the largest automotive dealers in the world, such as Penske Automotive Group, which says the outage has impacted its commercial truck dealership, Premier Truck Group.
"Our Premier Truck Group business utilizes CDK, and its systems are disrupted. The commercial truck dealership business has lower volumes than the automotive business and principally serves business customers," Penske Automotive Group told BleepingComputer.
"Premier Truck Group has implemented its business continuity response plans and continues to operate through manual processes developed to respond to such incidents."
A more recent update from CDK, as seen by BleepingComputer, says they aim to bring systems back online on Friday, June 21.
However, cybersecurity and IT professionals in the automotive industry have told BleepingComputer that they believe CDK is moving too fast in bringing services back online, potentially increasing the risk to its customers.
While the outages are significantly impacting the car sales industry, there is concern that CDK is not properly investigating the scope of the breach before bringing servers back online.
Not properly mitigating a breach could lead to further cyberattacks, as evidenced by last night's second breach, and a greater risk of theft of customer data.
Car buyers and owners are impacted, too
While this is affecting car dealerships, it is also affecting customers who want to purchase a new car or service an existing one.
BleepingComputer was contacted by multiple customers yesterday who attempted to purchase a car, only to be told that systems were down and that they could not be helped.
As the entire process for purchasing a car, including inventory, vehicle registration, and financing, is handled by CDK's platform, dealerships cannot conduct sales or are forced to fall back on manual processes.
Similar stories were shared by car owners looking to service their cars, with dealerships warning that there would be delays in receiving parts due to systems being down.
BleepingComputer contacted CDK about the second breach and will update the story with any statement.
source: BleepingComputer