
A supply chain cyberattack on software provider CDK Global forced thousands of car dealerships to shut down Wednesday, a traditionally busy day for sales with the Juneteenth holiday.
Reports said the first dealerships started getting booted offline around 2 a.m. Eastern Time. Some shut down altogether, unable to access critical information, while others maintained some services by relying on paper records.
CDK provided a statement to Dark Reading explaining that the company, which serves 15,000 dealerships, took systems offline as a precaution but said they have since been restored.
“We are continuing to conduct extensive tests on all other applications, and we will provide updates as we bring those applications back online,” CDK said in its statement. “Our first priority is always the security of our customers, and our actions reflect our obligation to them as a trusted partner.”
The specific nature of the supply chain cyber incident and whether systems have been restored remain unclear. However, Roger Grimes, data-driven defense evangelist with KnowBe4, said he suspects ransomware.
“It hasn’t been released what type of ‘cyber incident’ this is, but there’s a good chance it’s related to ransomware,” Grimes said in a statement. “When more details are released, I hope part of the details include how the cyber threat made its way into CDK’s systems (e.g., social engineering, unpatched software or firmware, etc.). Because in order to mitigate future occurrences you need to start with how the current incident was caused.”
According to Andrew Costis, chapter lead on the adversary research team at AttackIQ, the cyber incident is far from over for dealerships that rely on CDK software. He suggested there is more than one cyber incident impacting the software maker.
“CDK is suffering from not one, but two cyberattacks that have caused the SaaS provider to shut down IT systems,” he told Dark Reading in a statement. “Given the extensive reliance on this third-party vendor, the fallout from this attack reverberates throughout the entire automotive industry.”