Software maker CDK says it will take “several days” to bring its systems back online following back-to-back cyberattacks, as car dealerships and auto shops around the U.S. reliant on the company’s software enter a second week of disruption.
In a statement, CDK spokesperson Lisa Finney confirmed that the company has “begun the restoration process” of its systems, and that it is “continuing to actively engage with our customers and provide them with alternate ways to conduct business.”
A specific timeline for the recovery was not given. A prerecorded phone message for CDK customers heard by TechCrunch on Monday said the company will “share the timeline once it is confirmed.”
The prerecorded message said: “No DMS integration tasks can be performed,” referring to the company’s flagship dealer management software, which remains largely inoperable.
CDK, which makes customer management software for car dealerships and auto shops for handling their customer and vehicle records, provides its technologies to about 15,000 dealerships across North America.
The cyberattack — reportedly ransomware — began on June 19, causing widespread outages to CDK’s dealership customers. CDK confirmed it experienced an additional cyberattack later in the day that it said was likely to result in extended outages. It’s unclear if, or how, the second cyberattack was related to the first.
According to Bloomberg, citing a person familiar with the incident, the hackers are demanding the company pay tens of millions of dollars in ransom to get their systems back. It’s not yet known if the company has or plans to pay the ransom, and CDK’s spokesperson Finney declined to say when asked by TechCrunch.
As of the start of the working week, dealerships across the United States continue to face outages. Group 1 Automotive, one of the largest U.S. car dealerships, said in a Monday filing with government regulators that it was continuing to experience disruption across its U.S. operations, which rely on CDK’s software.
Several other companies that rely on CDK software, including Sonic Automotive and transportation giant Penske Automotive, also reported ongoing outages due to the CDK cyberattack across varying levels of their businesses.
Sonic said that as the incident was ongoing, it was unable to yet determine what, if any, customer data was stolen.
Do you know more about the CDK cyberattacks? Get in touch. To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You also can send files and documents via SecureDrop.
Corrected on June 27 to attribute a regulatory filing to Penske Automotive.