NEW YORK (AP) \u2014 Car dealerships in North America are still wrestling with major disruptions that started last week with cyberattacks on a company whose software is used widely in the auto retail sales sector.<\/p>\n\n\n\n
CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations.<\/p>\n\n\n\n
For prospective car buyers, that\u2019s meant delays at dealerships or vehicle orders written up by hand. There\u2019s no immediate end in sight, but CDK says it expects the restoration process to take \u201cseveral days\u201d to complete.<\/p>\n\n\n\n
On Monday, Group 1 Automotive Inc., a $4 billion automotive retailer, said it is using \u201calternative processes\u201d to sell cars to its customers. Lithia Motors and AutoNation, two other dealership chains, also disclosed that they implemented workarounds to keep their operations going.<\/p>\n\n\n\n
Here is what you need to know.<\/p>\n\n\n\n
CDK Global is a major player in the auto sales industry. The company, based just outside of Chicago in Hoffman Estates, Illinois, provides software technology to dealers that helps with day-to-day operations \u2014 like facilitating vehicle sales, financing, insurance and repairs.<\/p>\n\n\n\n
CDK serves more than 15,000 retail locations across North America, according to the company.<\/p>\n\n\n\n
CDK experienced back-to-back cyberattacks on Wednesday. The company shut down all of its systems after the first attack out of an abundance of caution, according to spokesperson Lisa Finney, and then shut down most systems again following the second.<\/p>\n\n\n\n
\u201cWe have begun the restoration process,\u201d Finney said in an update over the weekend \u2014 noting that the company had launched an investigation into the \u201ccyber incident\u201d with third-party experts and notified law enforcement.<\/p>\n\n\n\n
\u201cBased on the information we have at this time, we anticipate that the process will take several days to complete, and in the interim we are continuing to actively engage with our customers and provide them with alternate ways to conduct business,\u201d she added.<\/p>\n\n\n\n
In messages to its customers, the company has also warned of \u201cbad actors\u201d posing as members or affiliates of CDK to try to obtain system access by contacting customers. It urged them to be cautious of any attempted phishing.<\/p>\n\n\n\n
The incident bore all the hallmarks of a ransomware attack, in which targets are asked to pay a ransom to access encrypted files. But CDK declined to comment directly \u2014 neither confirming or denying if it had received a ransom demand.<\/p>\n\n\n\n
\u201cWhen you see an attack of this kind, it almost always ends up being a ransomware attack,\u201d Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. \u201cWe see it time and time again unfortunately, (particularly in) the last couple of years. No industry and no organization or software company is immune.\u201d<\/p>\n\n\n\n
Several major auto companies \u2014 including Stellantis, Ford and BMW \u2014 confirmed to The Associated Press last week that the CDK outage had impacted some of their dealers, but that sales operations continue.<\/p>\n\n\n\n
In light of the ongoing situation, a spokesperson for Stellantis said Friday that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand.<\/p>\n\n\n\n
A Ford spokesperson added that the outage may cause \u201csome delays and inconveniences at some dealers and for some customers.\u201d However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.<\/p>\n\n\n\n
\u201cThe people who\u2019ve been around longer \u2014 you know, guys who have maybe a little salt in their hair like me \u2014 we remember how to do it before the computers,\u201d said John Crane of Hawk Auto Group, a Westmont, Illinois-based dealership operator that uses CDK. \u201cIt\u2019s just a few more steps and a little bit more time.\u201d<\/p>\n\n\n\n
Although impacted Hawk Auto dealerships are still able to serve customers by \u201cgoing back to the basics,\u201d Crane added that those working in administration are still \u201cpulling out our hair.\u201d He notes that there are now stacks of paper awaiting processing \u2014 in place of orders that went through automatically on a computer overnight.<\/p>\n\n\n\n
Group 1 Automotive Inc. said Monday that the incident has disrupted its business applications and processes in its U.S. operations that rely on CDK\u2019s dealers\u2019 systems. The company said that it took measures to protect and isolate its systems from CDK\u2019s platform.<\/p>\n\n\n\n
In regulatory filings, Lithia Motors and AutoNation disclosed that last week\u2019s incident at CDK had disrupted their operations as well.<\/p>\n\n\n\n
Lithia said it activated cyber incident response procedures, which included \u201csevering business service connections between the company\u2019s systems and CDK\u2019s.\u201d AutoNation said it also took steps to protect its systems and data, adding that all of its locations remain open \u201calbeit with lower productivity,\u201d as many are served manually or through alternative processes.<\/p>\n\n\n\n
With many details of the cyberattacks still unclear, customer privacy is also at top of mind \u2014 especially with little known about what information may have been compromised this week.<\/p>\n\n\n\n
If you\u2019ve bought a car from a dealership that\u2019s used CDK software, cybersecurity security experts stress that it\u2019s important to assume your data may have been breached. That could potentially include \u201cpretty sensitive information,\u201d Steinhauer noted, like your social security number, employment history, income and current or former addresses.<\/p>\n\n\n\n