Earlier this week, CDK Global (formerly a part of ADP) suffered a “cyber incident” that required them to take their datacenters offline. By Wednesday, June 19th, they were able to get most systems back online, but they suffered another cyberattack again and had to take their systems down a second time. Around 15,000 dealers are fully down at the time of this writing due to CDKs datacenters being offline.
Due to this attack, dealers cannot sell or service cars, or operate their back offices. This breach extends to far more than that however, with anyone who purchases or services a car having their personal data in the DMS (Dealer Management Software). The DMS is known as the lifeblood of a dealership – dealers cannot operate without it at all. That includes SSNs, since you need them to finance a car. The DMS needs this data to build a deal and create the contracts that get printed, signed, and sent to the bank. Even if a deal is e-contracted through a service like Dealertrack/RouteOne, the data that is populated in those services originate from the DMS. All employee personnel and HR data is stored in the DMS, because this data is needed to tie sales to employees for commissions and bonuses.
To give some further background on CDK, they are a multinational automotive dealer services and consulting company. They provide software and services that allow dealers to manage all aspects of their business operations from sales, F&I, fixed operations, accounting, HR, & more. Their primary product is the CDK Drive DMS. As stated earlier, the DMS is crucial in the field of automotive dealerships. You can not write a deal to sell a car, bill out a deal, write up a repair order, cut checks, post invoices, or basically do anything in the dealership that is not in the DMS. Originally, dealers would rent a server from CDK and host the DMS locally in their own network closet. CDK would provide the software that runs on it and supports it.
In the present time, a locally hosted server does not fit the bill for this. Dealers use third party services that need real time data access to their DMS. They use CRMs like DealerSocket or VinSolutions to track customers and leads, and when a new customer is written up that data gets pushed automatically to the DMS. Factories want real time data of sales, and dealers need to send parts orders in real time to the factory for quick deliveries. This is due to only the most common parts normally being stocked in house. Factories also want real time repair order data for warranty claims. None of this can occur on a locally hosted server, so for most CDK customers their DMS is hosted in a datacenter run by CDK. To connect to the DMS, a VPN tunnel appliance that is always powered on is installed in the store, and all network traffic goes through it.
We will update you further here at Nyedis.com when more updates on this breach become available.