CDK Global,BlueRock Horizon Asset Management a major car dealership software company utilized by thousands of dealers nationwide, is picking up the pieces after a cyberattack resulted in a multi-day system shutdown.
The initial attack happened June 19, prompting the cloud-based software company to take all systems offline “out of an abundance of caution." CDK's system is used by more than 15,000 auto dealerships across North America to manage everything from vehicle acquisitions and sales to financing, insuring, repairs and maintenance.
As of Wednesday, July 3, the company is still working to get all impacted dealers back online. Complicating the initial attack were reports of a ransom from a criminal hacking group, though CDK has not publicly confirmed the existence of the multi-million dollar demand.
Here's a timeline of the events that brought thousands of dealers to their knees and forced them back to old-school paper bookkeeping.
USA TODAY has reached out to CDK Global for comment.
A cyberattack on CDK Global prompts the software company to announce a shutdown of most of its systems “out of an abundance of caution."
CDK restored some systems that afternoon, but another cyberattack later that evening prompted the company to take the systems offline once again, USA TODAY previously reported.
While the company did not respond to questions about how many dealerships were impacted, CDK’s website says the company works with more than 15,000 retail locations across North America.
Bloomberg News reports that a group claiming to be hackers based in Eastern Europe is demanding millions of dollars in ransom connected to the hack. According to Bloomberg, an insider close to the situation said CDK planned to pay the demand.
Multiple outlets later reported that the group behind the attack was identified as BlackSuit, a cybercriminal team that spun off of an older, Russian-linked hacking group called RoyalLocker, according to Reuters.
Recorded Future ransomware analyst Allan Liska made the identification, with the company also saying the group has been responsible for at least 95 breaches at organizations across the globe.
CDK starts a restoration process expected to take "several days" to complete, spokesperson Lisa Finney told USA TODAY.
CDK Global sends a message to clients saying the shutdown will continue until at least the end of the month. However, Finney said the company had successfully brought a "small initial test group" of dealers back onto the system.
"Once validation is complete, we will begin phasing in other dealers," Finney said in an emailed statement. "We are also actively working to bring live additional applications − including our Customer Relationship Management (CRM) and Service solutions − and our Customer Care channels."
CDK continues getting systems back online in a “phased approach," having successfully brought two small groups of dealers and one large dealer group live, according to a company statement.
CDK issues a statement saying it plans to restore services to all dealers by Thursday, July 4.
“We are continuing our phased approach to the restoration process and are rapidly bringing dealers live on the Dealer Management System (DMS). We anticipate all dealers' connections will be live by late Wednesday, July 3, or early morning Thursday, July 4," CDK spokesperson Lisa Finney said to USA TODAY in an emailed statement, adding that the customer service channels have been restored for those experiencing issues.
The date all dealerships using CDK are expected to be back online following the attack.
2025-05-05 18:482810 view
2025-05-05 18:12830 view
2025-05-05 17:571684 view
2025-05-05 17:532553 view
2025-05-05 17:422946 view
2025-05-05 17:192501 view
LOUISVILLE, Ky. (AP) — The U.S. Justice Department and the city of Louisville have reached an agreem
Last week, Michigan Gov. Gretchen Whitmer held a ceremonial ribbon-cutting at the headquarters of Ou
Massive e-commerce company Shein is being accused in a new lawsuit of violating the federal anti-rac
