

In another life I used to work for CDK Global. They are absolutely one of the most incompetent organizations I have ever had the displeasure of being a part of from both a management and cybersecurity perspective. I am not surprised this has happened and I assume the attack is much worse than CDK Global is claiming as they have a history of lying being their default communication style.


Yikes, well that's not what I wanted to hear! They still have not given any details. Mainly just that certain things like the DMS and phones were NOT affected so they enabled those again.


I worked for a company that worked directly with their software and my job was doing testing on Drive. I still have nightmares.


This is such an accurate statement it is scary.


In house IT for a dealership group here... we blocked Adaptiva at the firewall and killed the connection on their SD-WAN. Hoping something sketchy wasn't already installed, but nothing showing up in MDR so far.


I'd be more worried that your customer info was accessed or exposed on their network/systems, and that the FTC made it clear that dealerships are on the hook if there's a breach, not their vendors.


I'm pretty sure FTC will have no choice but to make an exception here. Even with FTC safeguard rules in place it wouldn't have mattered because of the magnitude of this breach well beyond the dealer networks. Otherwise a massive class action lawsuit will ensue as a result.


I'm good either way, all the dealers getting smacked and fighting back or CDK getting sued into the ground. What I'm not ok with is them just ignoring it, because then even more dealers will ignore IT in general.


Yea they haven't announced anything on their website or social media accounts. Not even guidance. And that's even after it's hit national news across the big news agencies. Definitely not a good look for them.


So far, we've learned more on Reddit and Automotive News than we've had communicated to us from CDK.


Agree 100%, but that's out of my hands. Rumor has it dealerships who may have had compromised data have already been notified, but I haven't seen anything say that officially.


How did you block Adaptiva? Do you have a list of servers + ports it uses?


We use Sophos for endpoint and firewall, and the firewall has a list of apps that the endpoint agents discover, so we blocked it using Application Control rules.


We use Sophos for endpoint and firewall too, but not Adaptiva. For our own RMM we have a disabled "block" rule so that we can, from Sophos Central, enable it singly or en masse to cut customers loose from us if the worst happens (block our RMM from communicating with the dashboard).


CDK's legacy patching tool was called SIA (Software Install Agent) but they started installing Adaptiva also a few months ago. Last I heard, Adaptiva was not actually doing anything yet. Either way, I've uninstalled both from all our PCs for now.


Was notified that DMS is back up! Still would love to hear what exactly the incident was.


We were notified that it was back up, but Simple ID still doesn't work (for us anyway).


Agreed. The OLD logins are working, just not anyone using SimpleID.


I'm kinda shocked to hear how many stores are still using old logins with no MFA. Then again, I shouldn't be surprised.


Didn't even know CDK had a new way to log in.


Yeah, it uses Okta to do MFA


Something I noticed a year or so ago. Old logins are always working. I am using my old password from over a year ago even though I have been forced to change it like 5+ times since then. All the other passwords likely still work. CDK is a joke.


Apparently they paid the ransom today


The latest update:


underrated comment


All the dealerships who decided not to comply (aka refused to spend any money to protect their customers data) to the mandated FTC Safeguard rules are about to get exposed.


It’s so maddening to see CDK just deflect FTC Safeguards questions. They had years of notice on this.


According to CDK's website, they have tools to help dealerships comply with FTC rules. Like all compliance, its a business responsibility, not a vendor responsibility.


Disclaimer: I have provided IT support for dealerships as an MSP since 2008. Most dealer / owners don't understand their own IT needs and vendors like CDK, R&R and to a lesser extent Dealer Track have historically sold them (read: scared, tricked / fooled them into buying) "IT services" and maintenance on devices they didn't need thereby diverting financial resources from things they do need like Managed IT and Managed Cybersecurity services. That being said, how would a dealership having a fully implemented FTC Safeguards Compliance program have prevented this?


A well-implemented FTC Safeguards Rule compliance program at a dealership wouldn't have prevented the CDK breach itself, but it could significantly mitigate the potential impact on the dealership if the breach extends beyond CDK. If CDK's systems are tied into the dealership's network, it creates a potential entry point for hackers. So if the dealership is breached, and they can't prove they have the proper mandated cybersecurity measures in place, then they could face fines.


Agreed regarding the lateral movement aspect but that is still predicated on the initial CDK breach. However, with regards to this specific issue, a perfectly implemented FTC Safeguards Compliance program at the dealership wouldn't change the fact that if any dealer's data is compromised due to CDK (or any third party for that matter) there could be liability coming their way the way the rules are written and sometimes interpreted. For smaller dealerships or newer dealerships however, they may not have to worry if they have fewer than 5,000 consumer records in their system.


They were undoubtedly ransomed


Update from Cdk as of this morning: Dear Valued Customers, We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th. Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts. At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available at a minimum on Thursday, June 20th. As of now, our Customer Care channels for support remain unavailable as a precautionary measure to maintain security. It is a high priority to reinstate these services as soon as possible.


I don't have any dealerships under management but I can say regardless of the industry, if a vendor was compromised, the last thing I'd want to introduce is a VPN unless I have full control over its configuration. The VPN feels like a shortcut to a bigger issue with their underlying security. Not to say the dealerships have much of a choice in every situation but I'd cut and run if that was an option.


If I recall correctly, they used to run multiple dealerships on one "instance" if that makes sense. So, you could accidentally map an output workflow to another dealership's printer, or their support could. Details are fuzzy but basically, I don't think any of the major DMSs are designed with security in mind AT ALL.


A guy at CDK once told me their systems are automatically safe, because they run Linux.


Anyone know if this impacted any UK orgs using CDK or US only?


Didn’t they sell their UK division to KeyLoop like in 2021?


I've got a couple of major dealerships. Not using CDK. We have two-factor authentication for all computers and email. We also use some pretty tight access control lists inside the Palo Alto firewall and even an on-site Exchange. Even the iPads are app-restricted to job-need-only items. The only issues have been basically people clicking on things. But the air-gapped backup restore covers the issues if they happen.


That's good stuff but wouldn't matter if your DMS got hit.


Yea my dealers use Reynolds.


Is the DMS hosted on site or did the dealership opt for Reynolds data center package?


With on-site, you just need one server room for the System, then you carry the data out to multiple dealers via Site to Site VPN.


On site is the best way for that stuff.


Friendly neighborhood insurance guy here. Here's what popped into my mind:

1. CDK is likely the data holder, but the dealership is probably the data owner. If any information of the client's dealership was acquired, it means that the dealership - NOT CDK - will need to provide breach notification, credit monitoring etc.
2. Remember to: [Identify, Contain, and Refrain](https://youtu.be/Cclnpr7IO3U?si=fVc1QYOEXM61OwaY) for your own liability purposes.
3. Given the size of this matter, law enforcement is probably involved. This means that we may not know what actually happened in any reasonable amount of time. That doesn't bode well for any dealership which is impacted.
4. The dealerships need to work with their insurance guy to determine if this incident qualifies as a reportable "circumstance." Failure to report a circumstance before renewal could later lead to a declination of coverage for this event. There are a few cyber insurers I know of that concentrate in this space. Large dollars on the line could easily lead to these insurers denying coverage later on to save their bottom line.
5. Also, the dealership should have "dependent business interruption reimbursement" (or some analogous term) on their cyber policy that could reimburse them for revenue lost during this outage. It's probably a sublimit ranging from $100K to $250K, but that could alleviate some of the pain. Typically a forensic accountant is provided by the insurer to demonstrate losses.
6. I'm still contemplating whether this qualifies as a reportable event under your MSP's Tech E&O policy. More to follow on that front.

Hope that helps. Happy to answer any questions you may have.


Always good stuff, sir. Thank you for your service!




They updated their hotline message to say that it will be “likely several days” before functionality is restored


We have 5 dealerships and have spent the better part of 2 days stripping CDK, LegaSuite, and ADP off every device. Good news is, other than that, the ticket volume is much lower lol


So you think they are very close to fix this issue ?


There’s no way. They’re claiming “a few days”. I’d be surprised if we’re up by Monday. They thought they could be cute trying to bring us all back online yesterday from a backup and quickly found out that wasn’t the case. Secretary of State even shut down CVR.


You can't make this shit up. Seriously. C-level executives need to be jailed for this kind of incompetency. [CDK Global hacked again while recovering from first cyberattack ](https://www.bleepingcomputer.com/news/security/cdk-global-hacked-again-while-recovering-from-first-cyberattack/)


To be fair, we don't know what happened yet..... but most likely CDK dropped the ball.


Jailed?  Dramatic much? 


Not dramatic. As someone whose information has been compromised multiple times, I'm tired of being told my data is "safe" only to see how poorly guarded it is in the end. Yes, I recognize I should consider any data outside of my direct control "leaked" the moment I decide to share it, but there's next to no incentive for most large businesses to properly store our information in the first place. Monetary fines either need to be raised to bankruptcy levels or people need to face real punishment for data breaches caused by incompetent gross negligence.


Heads up - Vendor post to follow. We’ve been following the situation, and in the effort of helping to provide peace of mind over the coming week, as with the SolarWinds breach of 2020, we’d like to **provide any Lumu licenses needed in CDK environments for as long as you need to verify things are back to normal post-incident.**  As these types of supply chain attacks can often bypass an EDR, Lumu’s NDR is relatively uniquely equipped to monitor network traffic and automatically block malicious, suspicious, or unusual behavior, whether that’s at the endpoint or network level. We detect behavior to be blocked, and then issue site- and network-level blocks via your firewall and EDR, in near real-time without your team needing to process approvals/reviews. While Lumu is typically free up to 50 endpoints, we’d like to manually raise any limits needed for your CDK-present environments, free of charge.  Please shoot us an email directly at [[email protected]](mailto:[email protected]) or [use this form to submit a request](https://lumu.io/msp-mssp/), and we’ll follow up as soon as we hear from you. 


Very cool of [Lumu.io](http://Lumu.io) to offer this. It's nice to see a vendor in the "help first" space.


HERE IS THE NEWS [https://www.bloomberg.com/news/articles/2024-06-21/cdk-hackers-want-millions-in-ransom-to-end-car-dealership-outage](https://www.bloomberg.com/news/articles/2024-06-21/cdk-hackers-want-millions-in-ransom-to-end-car-dealership-outage)


All the customers and all manufacturers data like Toyota, Honda, Mercedes, BMW, and others go to CDK.


Former Service appt department worker here. I left because of just how horrible it was a few months back, and wow. So not surprised; this is karma really. They have to sign into their systems then clock in. IT TOOK TEN MINUTES TO GET INTO ALL REQUIRED PROGRAMS. HR response? That replaces the drive since you are remote.....


We have a few dealerships, can confirm they don’t truly value safe guarding IT. FTC is just big government reaching their hands into the pockets of the dealerships…is what I was told.


I'd recommend you show this to your dealerships: [https://www.ftc.gov/legal-library/browse/cases-proceedings/102-3094-franklins-budget-car-sales-inc-also-dba-franklin-toyotascion-matter](https://www.ftc.gov/legal-library/browse/cases-proceedings/102-3094-franklins-budget-car-sales-inc-also-dba-franklin-toyotascion-matter)


Yes send this link to any client that says safeguards schmasheguards.


Of note: That was the old safeguards rule. The new penalties and requirements are more stringent.


Again... second day attack.


I heard rumors that they got hit again late last night? Any reports/truth?


This is my understanding


Yes, they have confirmed it. Dear Valued Customers, We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th. Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts. At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available at a minimum on Thursday, June 20th. As of now, our Customer Care channels for support remain unavailable as a precautionary measure to maintain security. It is a high priority to reinstate these services as soon as possible. Edit: Follow-up indicates they'll be down for several more days.


I thought they brought things up awful quick for such a massive event. Guess they were a bit optimistic.


Watching 💀


CDK is down at my dealership here in Illinois but it doesn't seem to have people's spirits down much. Business is going on as usual, besides the salesmen not being able to sell any cars, parts guys not being able to get into their systems to get parts to people. Our internet and Bill Walsh website weren't working yesterday either lmao. I work in the aftermarket accessories department and our websites we use for selling are all still up and running. This problem won't have dealerships shutting down because of it will it?


I work at a dealer in Illinois but the most I can think about is the fact that BDC is unable to schedule anything. Also the amount of open handwritten tickets we already have will be insane to close out once CDK is back up. Not to mention the warranty ones that need time ran... they just keep piling up.


Down in PA too. Users seem to think that, despite the warning, being able to login with legacy accounts and work means they’re safe and that we shouldn’t cut their connection. We had someone log a whole department in with their master account that hadn’t yet been migrated because they wouldn’t accept that there was an outage.


It seems like CDK has disabled that ability anyway. VPN to their data center has been disabled.


That’s good! They needed to be saved from themselves


What data could they have access to? Literal customer credit info?




What data *could* they have access to? Credit card information, credit checks [which might include SSN], customer phone numbers, dealership internal phone numbers, payroll, internal financial reports, etc. CDK was an all-in-one dealership solution; pretty much every facet of a car dealership would be integrated into CDK.


My fiancé sells cars.. now he can’t make money :(


Anyone know how long it could take to fix? I’m tryna get married lol


Thousands and thousands of people are more or less out of work and hoping for a paycheck and a light at the end of this tunnel. If this is throwing a wrench in your wedding then this CDK hacking isn’t the problem.


It’s gonna be a hot minute 😭


There is no reason he cannot sell cars. We didn't have computers before and sold cars.


Anyone here know the file names and/or file locations for CDK SIA or Adaptiva? We may have it on a couple of machines but are trying to block it through EDR currently and of course can't find the actual names.


I’ve been waiting for my car to be repaired for a month and a half now. They finally said they’re working on my car and then this shit happens. Fuck whoever did this


I was sitting in the lobby of a dealership when I heard about it. I was working on their Wi-Fi.


Fair warning. There are confirmed reports of dealerships getting phishing phone calls today from TAs posing as CDK agents.


Here's how I mitigated the risk from the CDK VPN: I connected their gateway router to a DMZ port on my firewall, and I NAT the traffic, allowing only LAN-to-CDK. I also route ONLY traffic to the CDK portal to their router.
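
The DMZ-and-NAT arrangement that comment describes, written out as an nftables ruleset. This is an added example, not configuration from the commenter, from CDK or from any firewall vendor, and every concrete value in it is a placeholder: `lan0` and `dmz0` as the LAN-facing and DMZ interfaces, `10.10.0.0/16` as the dealership LAN, `192.0.2.1` as the CDK gateway router sitting on the DMZ port, and `198.51.100.0/24` standing in for whatever prefix the CDK portal actually lives on. It does three things: forwards only LAN-initiated sessions toward the CDK prefix, source-NATs them so the CDK router only ever sees the firewall's DMZ address, and (via the static route in the header comment) sends nothing but the CDK prefix toward that router.

```nft
#!/usr/sbin/nft -f
# Added example: isolate a vendor (CDK) gateway router on a DMZ port.
# All names and addresses below are placeholders, not real CDK values.
#
# Routing is done outside nftables. Only the portal prefix is pointed
# at the vendor router, so a rogue route advertisement or a "helpful"
# default route on their box cannot pull other traffic through it:
#   ip route add 198.51.100.0/24 via 192.0.2.1 dev dmz0

define LAN_IF  = "lan0"            # interface toward the dealership LAN
define DMZ_IF  = "dmz0"            # DMZ port the CDK router is cabled to
define LAN_NET = 10.10.0.0/16      # dealership LAN (placeholder)
define CDK_GW  = 192.0.2.1         # CDK gateway router on the DMZ segment
define CDK_NET = 198.51.100.0/24   # CDK portal prefix (placeholder)

table inet cdk_edge {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to sessions the LAN opened may come back; nothing else
        # originating on the DMZ side is forwarded anywhere.
        ct state established,related accept

        # LAN -> CDK portal only. Not the rest of the DMZ, not the CDK
        # router's own address, not other RFC1918 space behind it.
        iifname $LAN_IF oifname $DMZ_IF \
            ip saddr $LAN_NET ip daddr $CDK_NET ct state new accept

        # Anything the CDK router tries to initiate toward the LAN is
        # logged (so it shows up in the SIEM/MDR) and dropped.
        iifname $DMZ_IF oifname $LAN_IF ct state new \
            log prefix "cdk-dmz-inbound: " drop
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # The firewall offers no services to the CDK segment either:
        # no SSH, no management UI, no DHCP, nothing reachable from dmz0.
        iifname $DMZ_IF ct state new drop
    }
}

table ip cdk_nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Hide the LAN behind the firewall's own dmz0 address so the
        # vendor side never learns internal addressing.
        oifname $DMZ_IF ip saddr $LAN_NET ip daddr $CDK_NET masquerade
    }
}
```

Load it with `nft -f` after adjusting the placeholders, and confirm the posture with `nft list ruleset` plus a `traceroute` from a LAN host to a non-CDK address to make sure nothing else is being routed via the vendor box. The caveat worth stating plainly: this only stops the CDK router from *initiating* into the LAN. Anything a LAN host pulls from CDK inside a session it opened itself, such as an update or an agent package, still comes through `established,related`, which is exactly the supply-chain path several comments above are worried about with SIA and Adaptiva. Endpoint controls and egress logging cover that side; this ruleset covers the network side.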


What can be done if you are impacted by this? My car is in the shop and cannot get repaired because they cannot locate/ship inventory.


Get your car back/transport it to a shop that doesn't use/rely on CDK.




Statement from Adaptiva: Adaptiva’s products remain completely secure and are not involved in this breach. We do not recommend disabling the Adaptiva client at dealerships since this functionality may be necessary in the future to expedite the recovery process and bring dealerships back online. Please note that Adaptiva will never call you with a request for your credentials. In case of any questions about Adaptiva, please email [email protected]. https://adaptiva.com/statement-from-adaptiva-regarding-cdk-global


This needs to be on your website, not in a reddit comment if its true.


Makes me concerned that CDK's access to Adaptiva was hit and blocking them was the right decision. Or they're just a troll.


No chance. It stays disabled/blocked until CDK is back online for at least a few days with no incident.


But here is what I don't understand about your statement: while your product may not be infiltrated, CDK was and they use your product. Therefore CDKs access to push data could be used by the evil ones, and THAT is the worry your statement doesn't address.


A little birdie told me they don’t have a lot of cyber risk coverage so this will all be a big cash outflow too


The private equity firm that owns CDK, may also own the cyber insurance company. A teeny tiny conflict of interest.


Does anyone know if this hack compromises the software in my Mercedes GLC 300 or is it dealership software only?


Dealer software only. There's no expected transmission to computer modules in vehicles.


Hey. I have a GLC 300 whose key started having connection issues on Thursday. What happened to yours? The timing is too close because it was just fine the day before. It locked up and wouldn't do anything; it had to be towed to the dealership.


Sad part is these are known bad actors…3rd party downstream providers are high risk…lots of breaches happen this way and have historically….known bad actors and this group is on the DHS block list…💯unacceptable that this breach even happened


Updated statement from Adaptiva on our web site: [https://adaptiva.com/statement-from-adaptiva-regarding-cdk-global](https://adaptiva.com/statement-from-adaptiva-regarding-cdk-global)


Is inventory pileup going to be an issue?