Update on the CDK Cyber Incident and Guidance for Dealerships

In June, CDK Global—which provides data and technology solutions to roughly 15,000 car dealerships across the United States and Canada—was the victim of a major cyber attack. 

In response, CDK shut down most of its systems, which led to ramifications ranging from dealerships resorting to handwritten, paper forms to an estimated $1 billion in losses.  

“We can’t even compare what was going on ten years ago to what’s going on today,” Coro’s co-founder, Dror Liwer, told CNN. “(Hackers) are in the game for much bigger gains than they were before.”

The CDK cyberattack serves as a stark reminder of the vulnerabilities within the automotive industry’s IT infrastructure. If you’ll remember, as of 2023, auto dealerships that collect, process, store, or transmit customers’ NPI (nonpublic personal information) have to comply with the FTC’s Safeguards Rule.

Hopefully the majority of dealerships that have been impacted by the CDK incident were already compliant with the Safeguards Rule. However, there are a lot of other steps dealerships can take now in the wake of the fallout of this incident. 

Thankfully, our partners at ComplyAuto have put together a comprehensive webinar that details:

• Immediate steps to take following a security incident
• Understanding and fulfilling legal and regulatory obligations
• Best practices for incident response and risk mitigation

You can watch the full webinar now at this link. In addition to the webinar, Coro and ComplyAuto have teamed up for a special solution for dealerships that are looking to improvise their cybersecurity and compliance goals. More details about that offer are here.