Cyberattack on CDK halts auto industry progress, with car dealers revealing extensive repercussions
A ransomware attack on CDK Global, a software provider for over 15,000 car dealers across North America, has caused widespread disruption and financial damage to many dealerships. The attack, attributed to the Eastern European and Russian hacker group BlackSuit, occurred on June 19, 2024, and took most of CDK's services offline, severely disrupting operations at thousands of dealerships throughout the US and Canada that rely on CDK's software for sales and financing processes.
Key details on the current status and impact
After paying a $25 million ransom in bitcoin on June 21, 2024, CDK began restoring services by June 23 and had nearly fully restored access for dealers by July 4, 2024. The operational outage ended about two weeks after the attack.
The outage forced dealerships across North America to revert to manual, paper-based operations, disrupting day-to-day vehicle sales and financing. JD Power estimated U.S. retail unit sales for June 2024 dropped by up to 7.2% compared to June 2023 due to the incident.
The immediate financial losses for affected dealerships during the first two weeks amounted to approximately $605 million. Additionally, CDK’s parent company shares fell over 5.7%, while shares of major auto dealers like Sonic, Group 1, and AutoNation declined by up to 4.4% following the attack.
At least eight lawsuits alleging negligence were filed by dealerships affected by the outage, indicating ongoing legal and financial risks for CDK. The attack potentially exposed large amounts of personal data, prompting recommendations for affected individuals to monitor or freeze their credit and be alert for phishing scams exploiting the incident.
Current Status
There are no publicly reported subsequent attacks or ongoing outages related to this incident, and with the services restored by July 2024, operations seem normalized post-attack. However, law enforcement has taken action by seizing BlackSuit’s dark web extortion sites in mid-2025, suggesting disruption of this threat actor’s operation.
Some of the largest car dealers in North America, including Sonic Automotive, Penske Automotive Group, Autonation, Group 1 Automotive, and Lithia Motors, have disclosed potential material impacts due to the cyberattack on CDK Global. These dealers use CDK's hosted dealer management system for sales, customer relationship management, inventory, and accounting functions.
CDK Global was acquired by private equity firm Brookfield Business Partners in a deal valued at $8.3 billion in April 2022. The group of car dealers, including those mentioned above, are using workarounds to minimize disruption caused by the cyberattack. CDK expects to restore its dealer management system within several days, not weeks, according to Group 1 Automotive.
The widespread impacts from an attack on a single software as a service vendor with a strong market share in a major industry highlights a persistent problem in cybersecurity, particularly in industries with strong market share software as a service vendors.
- CDK Global, a software provider for automotive companies, faced a ransomware attack attributed to the BlackSuit group, causing widespread disruption and financial damage to thousands of car dealerships.
- After paying a ransom of $25 million in bitcoin, CDK restored services by July 4, 2024, although the operational outage lasted for about two weeks.
- The attack resulted in an estimated financial loss of approximately $605 million for affected dealerships, and CDK's parent company shares, as well as shares of major automotive dealers, also suffered significant drops.
- Some of the largest car dealers in North America, such as Sonic Automotive, Penske Automotive Group, Autonation, Group 1 Automotive, and Lithia Motors, have been impacted due to their reliance on CDK's hosted dealer management system, underscoring the importance of cybersecurity in the technology-reliant manufacturing and finance sectors.
