CDK Global Plans To Pay Hackers Millions Of Dollars To Get Dealers Back Online

The CDK Global cyberattack that impacted about half of the dealers in the United States was not so much a “cyberattack” as it was, as many had speculated, a ransomware attack. The case might be worthy of study in the future, as the PR response from CDK Global has been quite bad. Of course, many other types of cases (of the legal variety) may follow.

Monday, Monday, you can’t trust that day!

Speaking of trust, GM has admitted its Cruise unit needs to earn some back after a terrible incident last year and an also-terrible response, which will result in the maximum fine being paid out, which will likely settle that matter.

Ford is also in hot water this morning, with about $57 million awarded by a jury to a woman in Colorado after she claims a Ford Expedition ran over her leg. That matter is less settled.

And, finally, China and the EU are going to talk about tariffs as the EV-dominant country tries to reverse them.

CDK Global Hackers Want Millions, CDK Global Likely To Pay

As more and more operations go online, ransomware has become a larger threat to businesses. A recent article in Cybercrime Magazine suggests that ransomware costs could rise to $265 billion by 2031:

Cyberattackers will just as quickly strike a hospital as a Fortune 500 organization. The only things that matter are finding an initial access point, encrypting networks, and — when possible — extracting sensitive data to exert pressure on victims for extortion purposes.

As a global threat, the risk of prosecution, in many cases, is low, allowing rogue operators to organize themselves with staff, structures, and processes comparable to modern-day businesses.

Unless you work for a dealer, you probably didn’t know what CDK Global was, but the firm’s software is used by approximately half the car and truck dealers in the United States to do everything from tracking sales and paperwork to writing service tickets. The company advertises its services as an integrated Dealer Management System (DMS) that can do everything a dealer needs.

The obvious downside of this is that, in the absence of CDK’s services, dealers suddenly can’t do as much. We found out last week that CDK Global brought down its services on June 19th for what it called a “cyberattack.” We learned on Friday that the effects of the attack were likely to last for days, right as most dealerships were planning their big start-of-summer sales.

From Automotive News:

Robert Serrano, general manager of New Country Toyota of Westport in Connecticut, said the mood at his store was still strong as staff was working deals and the service department had 20 appointments.

The store’s owner is New Country Motor Car Group, of Saratoga Springs, N.Y. The group owns more than 30 dealerships there, in Connecticut, Florida and Maryland.

“I’m hoping, and maybe this is just wishful thinking, that it comes on today because it’s the second-to-last Saturday of the month, and I’d love to bill out some cars, but right now, [it] doesn’t look that way,” Serrano told Automotive News.

Serrano said that most customers were unaware of the issue, but inside he was “agonizing” over the hack.

As a journalist, I have found the response from CDK Global disappointing. Many people were speculating in the comments here that it was ransomware, as nothing else made sense, but the company was slow to acknowledge anything.

Credit goes to Craig Trudell at Bloomberg, who was the first to report that it was, indeed, ransomware and that CDK was going to pay:

CDK is planning to make the payment, said the person, who asked not to be identified because the information is private. The hacking group behind the attack is believed to be based in eastern Europe, the person said. In the early days of any ransomware attack, discussions are fluid, and the situation could change.

CDK didn’t respond to multiple requests for comment on Friday.

CDK Global has told customers it’ll start restoring services as soon as it can, but it’ll probably still take “several days” for all outages to be ended. This weekend is the last weekend of the month, which is a big deal for dealers.

How much money was lost here is a big question. How many sales did dealers end up losing? How much did CDK Global end up having to pay? Many large dealership groups use this software and, even if there’s not a lawsuit, the possibility of CDK Global having to compensate dealers is real.

Finally, how many sales were lost? Are we going to see a downturn in car sales for June just as momentum is building?

The industry learned from the pandemic that the world was indeed not flat and that having the same few suppliers for critical needs wasn’t a great idea. Perhaps dealers need to learn the same lessons.

Ford Ordered To Pay $57 Million Over Expedition Accident

It’s not often that you see a car company sued over a vehicle that’s over 25 years old, but Lorelle Thompson of Colorado has been awarded one of the largest personal injury payouts after she claimed her leg was crushed when her 1998 Ford Expedition allegedly “self-shifted into powered reverse.”

From The Detroit News:

An eight-member jury in the trial overseen by U.S. Colorado District Court Judge Maritza Dominguez Braswell determined Ford was liable for and negligent with a design defect in the vehicle. It awarded Thompson $56.575 million, including $45 million in punitive damages.

“While our sympathies go out to Ms. Thompson and we respect the jury’s decision, we do not believe the verdict is supported by the evidence,” according to a statement sent by spokesperson Richard Binhammer. “We have filed post-verdict motions that are currently pending before the court.”

The lawsuit alleged the Expedition’s shifter was defective and that Ford knew there was a problem dating to the 1980s. Ford denied the claims.

This will be an interesting one to watch on appeal.

GM To Pay $112,500 For Withholding Crash Info

Sometimes, it’s both the crime and the coverup that gets you. Last year, GM’s robotaxi unit Cruise was informed that one of its vehicles was near an accident that involved a Nissan striking a pedestrian. The Cruise vehicle didn’t understand it struck that pedestrian and, ultimately, dragged the victim about 20 feet as the autonomous Chevy Bolt pulled over to the side of the road.

This led to the company shutting down its services temporarily and a leadership crisis that saw most of its C-Suite gutted. Why? The company was terrified of the media and of regulators, convincing itself that it wasn’t that big of a deal and withholding some footage from California authorities.

Once regulators wised up to what happened, all hell broke loose.

Cruise will have to pay $112,500 to the California Public Utilities Commission, which oversees driverless cars. While it’s not a huge amount of money, it’s the maximum fine the CPUC can charge. From the San Francisco Examiner:

Over The City’s objection, CPUC Administrative Law Judge Robert Mason III approved Cruise’s settlement offer. The only change is that the company will pay more than the $75,000 it previously offered. The amount Cruise will have to pay is the maximum allowed by state law and what the company’s president verbally agreed to at a February hearing, he said.

Mason rejected the call by the San Francisco Municipal Transportation Agency that CPUC conduct its own investigation into the accident, rather than relying on a report about it from San Francisco law firm Quinn Emanuel Urquhart & Sullivan that was commissioned by the company.

Going down that route would likely drag out the case for no good reason, Mason said in his ruling approving the settlement. Cruise has already admitted that it didn’t immediately give a full accounting of the accident in the immediate aftermath of the incident and has committed to more transparency in the future, he said.

Cruise robotaxis are starting to go back out on the streets in certain markets.

What’s The EU Going To Do About China?

We’ve previously chatted about all the ways that China might react to EU tariffs on its EVs, as it has a lot of leverage over the 27 nations that make up the European Union.

China, unsurprisingly, has asked the EU to cancel its tariffs (which range from 17-38%), but that isn’t going to happen anytime soon.

Per Reuters:

“Nobody will dare to do this now. Not before the elections in France,” said Alicia Garcia Herrero, senior fellow at Bruegel, an influential EU affairs think tank, on whether the planned curbs could be dropped.

“The Commission can’t change a decision it has been pondering for months on months on months,” she added. “Yes, China is putting pressure on the member states, but they would need to vote with a qualified majority against the Commission.”

That sounds right, although the ongoing talks between the EU and China demonstrate to me that, while China has a lot of leverage, it also clearly wants access to the EU market, which means the EU also has leverage.

Overall, talks are good, or as the head of Germany’s biggest industry association BDI put it:

“You know the old saying: as long as there are talks you’re not shooting at each other.”

What I’m Listening To While Writing TMD

I’ve been enjoying Sabrina Carpenter lately and I couldn’t quite put my finger on why, then I realized that she sounds like Nina Persson from The Cardigans doing Ariana Grande songs. Anyway, here’s Tom Jones and The Cardigans doing a Talking Heads cover in a super trippy video from the aughts.

The Big Question

Was the internet a mistake?

162 thoughts on “CDK Global Plans To Pay Hackers Millions Of Dollars To Get Dealers Back Online”

  1. You say that dealers need to learn the lesson that they shouldn’t rely on the same two or three vendors, but dealers typically have as much choice in that sort of thing as a homeowner does for how to get cable.

    1. Exactly. I work in parts at a dealership (first time I’ve ever said that I’m thankful we use Dealertrack), but as far as I’m aware, there’s only, like, 4 different DMS options.

    2. I work for a software company I won’t name that specializes in DMS software.

      There are way more DMS programs out there than people seem to realize, the problem is that most of them aren’t designed for large dealers, and only some of them are large enough to partner with the right credit processors that are authorized by dealers.

      1. Thank you for the reply! I’ll admit that I don’t work with our DMS software, just with the website backend (former photographer, now videographer).

  2. It wasn’t a mistake since it has the best site ever: The Autopian!!!
    Also, I’m still wondering if they’ve tried “turning it off and on again”

  3. It should have been the new Library of Alexandria, but we ended up with greater division where people cannot even agree on reality and massive increase in—a downright celebration of—narcissism. Personally, I ended up more misanthropic than I thought imaginable and I was never much of a people person. I think much of the blame goes to social media, but certainly not the whole problem. Going back to the misanthropy, I think the problems are inevitable with humans.
