CDK Global issues urgent warning to the public after 'bad actors' launch global cyberattack
A major cyberattack on CDK Global, a software service used by thousands of car dealerships, is now impacting the public.
The Illinois-based company issued an urgent warning Friday, cautioning people about bad actors posing as employees during phone calls to get credit card details and access to their accounts.
Roughly 15,000 US car dealerships rely on CDK Global - a software-as-a-service platform - that contains personal information for millions of customers.
Hackers gained entry to CDK's systems twice in the last week, forcing the company to shut down most of its operations that affected clients of General Motors, Nissan and a portion of BMW Group dealers.
CDK has issued an urgent warning to customers that the bad actors are posing as employees during phone calls to get credit card details and access to their accounts
General Motors is one of the dealerships that uses the hacked CDK systems
CDK provides dealerships with a computerized finance and insurance database to avoid physical paperwork, instantly accesses customer information when they call and offers a digital retail platform where customers can buy cars online.
The company was first hit on June 18 which forced it to shut down the majority of its systems and while it was still recovering from the first hack, a second attack struck the following day.
The company is still investigating the attack and has not yet confirmed what data was stolen.
In the wake of the attacks, CDK issued a message on its interactive voice response line telling customers to be cautious when receiving calls from people who say they're employees.
'We are aware that bad actors are contacting our customers posing as members or affiliates of CDK trying to obtain system access,' the pre-recorded line says.
'CDK associates are not contacting customers for access to their environment or systems,' it continued, adding: 'Please only respond to non-CDK employees and communications.'
Threat actors can use phishing emails or phone calls to trick unwitting customers into sharing their personal information or gain unauthorized access to proprietary systems and the company's financial assets.
CDK advised that customers remain vigilant and told them not to engage in any communication that appears to come from customer support or employees, saying they aren't reaching out to customers at this time.
There is currently no known 'estimated time frame for resolution and therefore our dealer systems will not be available likely for several days,' CDK said in its message.
It's still unclear how many customers were impacted by the attack, what group carried it out or where it originated.
The attack took place just days after a separate hack that pushed the Findlay Automotive Group offline.
Insurance company Zurich North America warned that dealerships are a prime target for hackers because they hold a 'treasure of information' on customers' credit applications and financial information.
'In addition, dealership systems are often interconnected to external interfaces and portals, such as external service providers,' Zurich explained, with many dealerships lacking 'basic cyber security protections'.
CDK produced figures suggesting attacks by cyber-hackers on individual car dealerships rose from 15 to 17 percent last year and boasts on its website that it offers a 'three-tiered cybersecurity strategy to prevent, protect and respond to cyberattacks.'
A Nissan dealership in Phoenix, Arizona is 'at a standstill' after CDK's cyberattack impacted 50,000 of its customers
Alex Padron, a sales manager at a Nissan dealership in Phoenix, told Bloomberg that business was 'almost at a standstill' on Thursday.
He told the outlet that the attack likely affected 50,000 customers which included everyone who purchased a vehicle through their store since 2014 - when it began using CDK's software.
The company told Axios it is still 'assessing the impact' of the cyberattack and will be providing customers with regular updates.
'We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible,' CDK said.
DailyMail.com has reached out to CDK for comment.
