CDK Global says employee and customer data safe after cyberattack

Photo of author

By Maya Cantina

CDK Global says employee and customer data safe after cyberattack

CDK Global said two cyberattacks in June that forced the shutdown of its dealership management system in North America do not appear to have involved the theft of dealership employee or customer data.

“We are pleased to report that after conducting a thorough third-party expert review of the June 19 cyber incident, we have not discovered a compromise of personally identifiable information of dealership employees or consumers that would give rise to any reporting obligations related to the incident,” a CDK spokesperson told Automotive News in an emailed statement on Aug. 26.

“Now, dealers can reassure their employees and consumers that their data is secure and remain focused on delivering great experiences throughout the entire car buying and ownership journey.”

Austin, Texas-based CDK said in early July that it would collectively address a Federal Trade Commission Safeguards Rule requirement for dealerships if it determined that the attacks — a ransomware event — involved the theft of data from dealership employees or customers.

The amended safeguards rule requires auto dealerships and other nonbank financial institutions to notify the agency no later than 30 days after discovering a security breach in which unencrypted information for at least 500 customers was accessed. CDK has been working with third-party experts since the attack to securely reboot its systems and address whether employee and customer data was stolen.

CDK’s disclosure offers good news for the 15,000 dealerships affected by the attacks, which forced CDK to shut down its DMS for two weeks. Dealers struggling to maintain operations relied on pen and paper and third-party software workarounds during the shutdown. They took hits to their second-quarter net income, as the shutdown came at the end of a crucial sales month and quarter. The company compensated its customers with a one-month discount, dealerships said, but some felt the gesture didn’t go far enough.

The CDK has not yet disclosed what caused the attacks or what steps it has taken to minimize the risk of future incidents.

It was also unclear how CDK’s data security announcement might affect pending lawsuits against the company.

Some of the dealership’s employees and customers have sued CDK in federal court, claiming the cyberattacks put their data at risk.

Source link

Leave a Comment