CDK Global Data Breach Slams Auto Dealers Nationwide

Data breaches continue to be one of the top concerns of consumer-facing businesses, and with good reason. Cyberattacks have been on the rise, with more than 3,200 data compromises in 2023 – a staggering 78% increase from the previous year.

CDK Global, a company that provides auto dealerships across the U.S. with software for managing payroll, inventory, sales, and other services, is one of the most recent victims, incurring a breach that impacted dealerships nationwide. Cyberattackers targeted CDK with a ransomware attack that forced the software provider to shut down its IT systems and data centers to stem the attack’s spread. That move took 15,000 car dealerships that CDK serves offline, rendering its services inaccessible. Amid its restoration process, CDK has shared that it does not expect to be back online for all dealers until at least the end of June.

The attack is believed to be the work of a ransomware gang known as BlackSuit. In such attacks, threat actors lock victims out of their systems, steal sensitive data, and demand payment for decryption keys. The surge in ransomware incidents, similar to the one Change Healthcare faced earlier this year, highlights the risks associated with cloud-based data storage and reliance on potentially vulnerable vendors.

No one is immune from the risk of a data breach. As threats surge, businesses must proactively prepare to safeguard themselves from the costs, disruption, and reputational damage that can result from a breach incident. Here are 8 crucial steps to fortify your protective measures for handling valuable consumer data:

  1. Establish robust information security standards, policies, and procedures.
  2. Regularly train employees on security protocols and best practices.
  3. Design information systems with privacy and security at the forefront.
  4. Continuously assess and manage information security risks through penetration testing and vulnerability assessments.
  5. Vigilantly monitor for cyberattacks and unauthorized access.
  6. Encrypt sensitive data to prevent unauthorized access.
  7. Employ up-to-date antivirus software and other protective measures.
  8. Have (and be sure to test) a comprehensive data breach response plan.

CDK’s recent data breach underscores the escalating risks posed by cyberattacks in today’s digital landscape. Working with experienced data privacy and security counsel can help you identify and shore up your business’s vulnerabilities, create and implement a data protection framework, and ensure your business, and your customers, are best protected.


*Tori Geller contributed to this article.

Josh Stevens headshot

A Partner at M&S, Josh advises clients on a range of proactive and responsive matters, helping them achieve their business goals while complying with federal and state privacy and other consumer protection laws.

2560 1707 Josh Stevens
Share This Post:
Start Typing
Skip to content