In an increasingly digital world, where CDK Cyber Attack businesses rely heavily on technology to manage operations, the recent cyber attack on CDK Global has sent shockwaves through the automotive industry. This attack didn’t just hit the dealers—it struck at the very heart of the industry, leaving countless businesses vulnerable, and customers questioning their safety. During my first years in the car business, I wore a lot of hats in each job position I had. The one thing I learned early is that the accounting office staff are often the clean up crew when several types of problems arise. There are still systems and procedure hiccups that happen today, but thanks to technology and automation they are fewer in number. Then came the CDK cyber attack.

This CDK cyber attack is on a whole different level.

This breach is a very different type of problem, but in the end, when things begin to settle (which may take months), it will be the accounting office who will be tasked to gather the thousands of dealership puzzle pieces from sales, service and parts, and methodically match them up together to form some semblance of financial order.

The “End of the Month” is here. New car dealerships are required to produce a monthly financial statement as mandated by the manufacturer and certain lenders. It’s unclear as of this writing if a June financial statement will be available. I would say the chances are slim.

Why did the CDK cyber attack happen?

There was once a company called ADP Dealer Services who were a great DMS provider. They got rolled into a company called Cobalt that sold mostly digital marketing services. Then, all of that got rolled into CDK Global and with that came private equity investments.

The first thing to get cut when private equity rolls through the front door is “cost-centers,” and Infosec (aka: Information Security) is viewed as a cost-center. The main people who defend the gates of the village (the company) from the barbarians (hackers) are the first sent off to exile.

When there is a ransomware attack, it’s revealed with clockwork-like precision that no one has tested the backups for six months and half the legacy systems cannot be resuscitated.

As a cybersecurity expert told me last week a few days after the attack happened, “It’s been at least two days since the ransomware attack with no fix in sight, which tells me a few things on this list have to be true”:

1. They have no backups, or
2. If they do have backups, they are outdated or never tested, which is effectively the same as having no backups.
3. No one knows how to restore backups.
4. There is no disaster recovery plan, or if it exists it is outdated to the point of uselessness.
5. Multiple single points of failure are baked into the infrastructure.
6. They have no idea how compromised they are.

I am very angry about how ADP Dealer Services, a once great company, has been raped and pillaged by private equity.

The real pain is suffered by the rank and file at dealerships, who still have to care for customers and sell to make a paycheck.

According to recent reporting, CDK will be paying the tens of millions of dollars in ransom. Here’s a short video about how these ransomware attacks roll out. This certainly this won’t be the last.

Let’s not absolve the “Preferred Vendor” program in this debacle.

New car dealerships are franchises and the manufacturer is the franchisor. Each manufacturer has a “Preferred Vendor” program where vendors apply to be included on the list. It was my understanding that it’s a rigorous process that also entails paying a fee. In my experience, the program is anti-innovation because many start-ups and smaller vendors don’t have the budget to pay the fees that the big guys do.

Many times, the preferred vendor’s dealer pricing is higher than a non-preferred vendor (and in my opinion, the preferred vendor’s product quality is often not on par with the non-preferred vendor products and services).

Why then would a dealer choose a preferred vendor over a non-preferred vendor? Two reasons:

• Because the “Preferred Vendor” program is marketed as pre-vetted vendors (so there’s an assumption of higher quality and trust, which in practice, may or may not be the case).
• When the dealer chooses a preferred vendor, there is a financial incentive. The dealership can often recoup some of that expense through the manufacturers “Co-op” program.

CDK is a “Preferred Vendor.”

The glaring question that needs an answer now is where were the security audits for this vendor?

Why wasn’t there a regular monitoring of this vendor to ensure their product was worthy of preferred status? Or, if there was regular monitoring, it’s clear now that the monitoring protocol is sorely lacking.

How did the CDK cyber attack happen?

CDK is an ancient program — not a lot has been done to upgrade the original version for decades. This is standard operating procedure when companies/private equity buy legacy companies. Innovation is not the goal. They slap on a new paint job or buff out the dents, and package it as the “new improved version” that is always much more expensive but “worth the investment.” Ask any dealer how they feel about CDK and other DMS fees these days.

The Breach That Shook the Industry

CDK Global, a leading provider of technology and digital marketing solutions for the automotive industry, found itself at the center of a cyber storm. What began as a typical day quickly spiraled into chaos as news broke that CDK’s systems had been compromised. The attack, which targeted the company’s critical infrastructure, affected thousands of dealerships across the nation, causing widespread disruption.

For many, CDK is more than just a service provider. It’s the backbone of their operations, managing everything from inventory to customer relationships. The breach was not just a technical failure; it was a betrayal of trust, shaking the confidence of businesses that had relied on CDK to keep their data secure.

Dealers in Disarray

For dealerships, the impact of the cyber attack was immediate and severe. With systems down, day-to-day operations came to a grinding halt. Sales, service, and even basic communication were disrupted, leaving dealerships scrambling to find a way to continue serving their customers. The attack didn’t just cost time and money—it created a sense of vulnerability that many dealers had never experienced before.

Dealerships are more than businesses; they are the lifeblood of communities. Families depend on them for their livelihoods, and customers trust them to provide reliable service. The attack on CDK was a stark reminder of how interconnected we all are, and how the failure of one system can ripple through an entire industry, leaving a trail of uncertainty and fear.

The Human Toll

Beyond the financial losses and operational disruptions, the human toll of the CDK cyber attack is perhaps the most heartbreaking. Employees found themselves unable to do their jobs, facing frustrated customers and the stress of not knowing when—or if—things would return to normal. Managers and owners were left with the agonizing task of explaining the situation to their teams, all while trying to navigate the crisis themselves.

For customers, the attack was a stark reminder of the dangers lurking in the digital world. The personal information they entrusted to dealerships was suddenly at risk, leading to anxiety and fear. In a time when privacy concerns are already at an all-time high, this breach only deepened the mistrust between consumers and businesses.

A Call for Change

The CDK cyber attack is a wake-up call for the entire industry. It’s a reminder that in our rush to embrace technology, we must not lose sight of the importance of security. As we move forward, there must be a renewed focus on protecting the data and systems that are the foundation of our businesses.

But beyond the technical fixes, there is a need for a deeper change—a shift in how we think about and prepare for these kinds of crises. The emotional toll of this attack cannot be underestimated, and businesses must not only rebuild their systems but also rebuild the trust of their employees and customers.

Moving Forward Together

In the aftermath of the CDK cyber attack, the road to recovery will be long and challenging. But in every crisis, there is an opportunity for growth and improvement. Dealerships, CDK, and the entire automotive industry must come together to learn from this experience and create a stronger, more secure future.

This attack hit more than just dealers; it hit the people, the communities, and the very trust that holds our industry together. As we rebuild, let’s do so with a renewed commitment to security, transparency, and the well-being of everyone involved. Only then can we truly move forward from this dark chapter and create a brighter, safer future for us all.