One Year After the CDK Cyberattack
The Industry’s Reckoning, The Lawsuits Ahead, and What It Still Hasn’t Fixed
The Day the Dealerships Went Dark
June 18, 2024.
For most consumers, it was just another Tuesday. But inside thousands of dealerships across North America, it was chaos.
CDK Global, one of the automotive industry’s most critical tech backbones, was crippled by a ransomware attack from the hacking group BlackSuit. Overnight, the digital infrastructure used by over 15,000 rooftops for desking, financing, service appointments, and inventory management simply vanished.
And then, just as recovery began, the unthinkable: a second attack the very next day.
It wasn’t a glitch. It was a total system failure.
What Happened? A Timeline of Collapse
June 18, 2024: CDK is hit with a ransomware attack. All systems are shut down to contain damage.
June 19: A second wave hits during recovery efforts, setting timelines back again.
June 21: CDK allegedly pays a $25 million ransom in bitcoin to begin regaining access.
June 24 – July 4: System restorations begin. Workarounds fail. Lawsuits begin.
July – August: The long tail of customer loss, reputational damage, and legal exposure unfolds.
The Financial Fallout
By some estimates, the cyberattack cost dealerships over $605 million in lost sales, service revenue, and operational disruptions. The most impacted stores saw nearly half a month’s worth of business disappear.
Penske Automotive Group. AutoNation. Lithia. Group 1. Sonic. They all went offline, proof that size didn’t equal immunity.
Some staff wrote repair orders by hand. Others couldn’t schedule customer service. Many were locked out of their own inventory and desking tools for weeks.
This wasn’t just about lost profits. It was about lost trust.
Legal Repercussions: When the Tech Vendor Becomes the Defendant
A year later, CDK finds itself not just patching code but defending itself in court.
Multiple lawsuits have emerged from dealership groups alleging CDK failed to meet reasonable cybersecurity standards. These lawsuits are more than just compensation-seeking efforts; they’re setting the stage for something larger: defining legal accountability in the digital era of automotive retail.
“Our losses for June and July were substantial,” said Judy Farcus Serra, COO and CFO of Headquarter Automotive. “CDK’s offer didn’t even scratch the surface. They left us exposed.”
Key legal questions now face the courts:
What constitutes “reasonable protection” in an era of cyber risk?
Can a dealership sue for lost revenue tied to system downtime?
Where does the liability lie when an entire tech ecosystem fails?
These are no longer hypothetical concerns. Every vendor contract moving forward may carry new clauses because of this breach.
Lessons Learned—And the Ones Still Ignored
1. A Single Point of Failure Can Take Down an Empire
CDK had near-total market penetration for DMS services. The moment they went down, so did everything: scheduling, service histories, credit applications. Dealerships learned the hard way that too much consolidation in tech leaves them dangerously exposed.
2. Many Dealerships Were Digitally Underprepared
The attack laid bare a deeper problem: antiquated tech. Some stores were still running DOS-era software. Few had endpoint protection. Even fewer had cyber insurance that actually paid. It wasn’t just a vendor issue; it was a readiness issue.
3. Dealerships Had No Playbook
The sheer number of stores that defaulted to “figure it out as we go” was stunning. No alternate system. No paper ROs ready to go. No disaster recovery drills. No structure. The incident revealed how poorly prepared the average store was to operate offline.
Human Impact: Relearning How to Run a Store
At one Audi dealership in California, managers pulled out physical folders from a storage room last opened in 2009. Staff were instructed on how to handwrite service tickets and manually call vendors.
“We were running a multimillion-dollar business off a yellow legal pad,” the GM said. “It humbled everyone from top to bottom.”
Another sales director shared:
“It made me realize how automated we’d become. Without a DMS, we lost more than process. We lost confidence.”
What’s Still at Risk?
Cyber Threats Have Evolved—But Many Stores Haven’t
Despite the wake-up call, many dealerships still lack:
Two-factor authentication across systems
Employee phishing awareness training
Isolated backups with ransomware protection
Clear internal protocols for future attacks
Worse, some still rely exclusively on CDK without a secondary solution in place.
The Supply Chain Is Fragile by Design
The breach didn’t just hit dealerships; it echoed upstream. OEMs like Stellantis and BMW had order delays, missing VIN tracking, and vehicle allocation issues. Vendors couldn’t invoice. Lenders couldn’t pull rates. Insurance providers couldn’t verify coverage.
The modern retail automotive experience relies on one thing: frictionless digital communication. And this breach broke it all.
Visualize the Breach: The Ripple Effect
Imagine this infographic:
Center: CDK System Breached
Rings:
Dealerships: lost transactions, frustrated employees
Customers: long wait times, lost confidence
OEMs: vehicle tracking failures, stalled allocation
Vendors: halted invoicing, DMS access blocked
Lenders: disconnected rate tables, verification delays
One system, thousands of broken links.
Actionable Recommendations: Don’t Just React—Reinforce
1. Conduct Regular Security Audits
Have a third party run penetration tests on your network. What you don’t know will hurt you.
2. Implement Employee Training
Most attacks start with a single bad click. Make cybersecurity training a requirement—quarterly.
3. Develop Incident Response Plans
Create a step-by-step disaster playbook. Store it both digitally and in print. Review it every six months.
4. Diversify Vendor Dependencies
Stop relying on just one vendor for everything. Look for modular, API-driven solutions that can operate independently.
5. Invest in a “Go Dark” Playbook
Know how to run your core business functions without a DMS. Practice it like a fire drill.
6. Negotiate Vendor Contracts with Cyber Language
Build language into your service contracts that holds vendors accountable for security standards and defines expectations for recovery and communication in the event of a breach.
Final Thought
The CDK attack wasn’t just a tech failure; it was a cultural one. It revealed how overconfident we’ve become in our systems, and how underprepared we were to lose them.
One year later, the wounds are still healing, and the threat is far from over.
The next attack won’t be a surprise. It’ll be a test of who took this one seriously.