CDK Global Ransomware Attack Disrupts Thousands of North American Dealerships

Systems Offline Across North America

CDK Global, a primary software provider for the automotive retail industry, shut down its central systems this week following a major cyberattack. The outage affected more than 15,000 dealerships across the United States and Canada, effectively freezing their ability to sell vehicles or perform repairs. Dealerships rely on these tools for everything from financing contracts to tracking spare parts inventory.

The company detected the breach early Wednesday and took the proactive step of taking its data centers offline to contain the threat. This decision immediately disconnected thousands of business locations from their primary operational hub. While some systems were briefly restored on Thursday, a second incident forced another complete shutdown, leaving staff to manage transactions with pen and paper.

The Operational Impact on Retailers

The disruption targets the Dealer Management System (DMS), which functions as the central nervous system for modern showrooms. Without access to this software, salespeople cannot finalize purchase agreements or verify trade-in values. The impact extends beyond the sales floor to the service department, where mechanics cannot access digital records for vehicle maintenance history or order necessary components.

• Sales teams are using manual spreadsheets to track leads and inventory.
• Finance departments are unable to run credit checks through integrated portals.
• Service centers are reporting significant delays in processing customer repairs.
• Payroll and administrative functions for dealership employees remain stalled.

Major manufacturers including Ford, Stellantis, and BMW confirmed that the outage is affecting their retail partners. While the car companies themselves were not direct targets, their supply chains and retail networks are deeply integrated with CDK's infrastructure. This dependency highlights a significant vulnerability in the automotive sector's digital backbone.

Ransomware Groups and Recovery Efforts

Reports indicate that a ransomware group is behind the intrusion, demanding tens of millions of dollars to restore access. CDK Global has not publicly confirmed the identity of the attackers but stated they are working with third-party forensic experts to investigate the scope of the breach. The company is currently focused on a phased restoration process to bring critical services back online safely.

Cybersecurity analysts suggest the recovery could take days or even weeks depending on the level of data encryption. Dealerships are being warned to remain vigilant against phishing attempts that may exploit the current confusion. Many businesses are now evaluating backup providers to avoid total operational paralysis in the future.

The incident underscores the risk of industry-wide consolidation where a single software failure can halt an entire economic sector.

Industry experts are now monitoring whether other automotive software vendors will face similar coordinated attacks in the coming weeks.