CDK resumes service delivery for a select group of auto dealerships
CDK Global Recovers from June 2024 Ransomware Attack
CDK Global, a leading provider of software solutions for the automotive industry, has been on the road to recovery since a major ransomware attack on June 19, 2024. The attack, attributed to the BlackSuit hacker group, caused disruptions to sales, customer relationship management, parts, inventory, and accounting functions for CDK's dealership customers across the US and Canada.
Following the attack, CDK Global paid a $25 million ransom in bitcoin on June 21, 2024, and began restoring services on June 23. The company initially projected that restoration would not complete before June 30, but by July 4, 2024, access for nearly all dealers had been restored, marking a significant milestone in the recovery process.
The attack had a notable impact on prominent U.S. car dealerships such as Sonic Automotive, Penske Automotive Group, AutoNation, Group 1 Automotive, and Lithia Motors. The disruption contributed to an estimated 7.2% reduction in U.S. retail unit sales in June 2024 compared to the previous year, with financial losses around $605 million incurred by dealers within the first two weeks post-attack. Additionally, lawsuits alleging negligence were filed by affected dealerships against CDK Global.
In the aftermath of the attack, CDK has created a dealer resource center with commonly used documents and forms to support sales and service efforts during the outage. Lisa Finney, the senior manager of external communications at CDK, has stated that they understand and share the urgency for customers to get back to business as usual and will continue providing updates as more information is available.
CDK Global commands a large market share, providing software to over 15,000 car dealer customers across North America. Despite the disruptions caused by the attack, the company is phasing in other dealers once validation is complete and is working to bring additional applications live, including customer relationship management and service solutions.
As of mid-2025, no new major disruptions linked to this attack have been reported. The restoration effort completed phases within weeks after the attack, and while the initial impact was severe, ongoing recovery and business operations appear to have stabilized. There is no evidence from available reports of further persistent disruptions or compromised services continuing beyond 2024. Cybersecurity actions and industry vigilance have likely improved since the incident to prevent recurrence.
In summary, CDK Global has completed its primary recovery from the June 2024 ransomware incident with significant but contained impacts on its major car dealership customers. The company continues to work towards providing necessary services and updates to its customers and the industry.
| Aspect | Details | |--------------------------------|--------------------------------------------------------------| | Attack Date | June 19, 2024 | | Hacker Group | BlackSuit (Eastern European / Russian origin) | | Ransom Paid | $25 million in bitcoin (June 21, 2024) | | Service Restoration Timeline | Began June 23, 2024; nearly all dealers restored by July 4 | | Impact on Dealerships | Financial losses ~$605 million (first two weeks), share prices fell up to 4.4% | | Sales Impact | Estimated 7.2% decline in U.S. retail car sales for June 2024 vs. 2023 | | Legal Consequences | At least 8 lawsuits alleging negligence | | Status in mid-2025 | Services restored, stabilized, no major ongoing disruptions |
- The ransomware attack on CDK Global, affecting the automotive industry, also impacted significant finance companies, as U.S. car dealerships like Sonic Automotive, Penske Automotive Group, AutoNation, Group 1 Automotive, and Lithia Motors faced financial losses.
- The cybersecurity incident concerning CDK Global, a key player in the technology sector, created a need for enhanced cybersecurity measures within the industry, aiming to prevent similar attacks in the future.
- Apart from the automotive sector, businesses relying on CDK Global software including finance and transportation industries faced disruptions due to the ransomware attack on June 19, 2024.
- As the leading provider of software solutions for the automotive industry, CDK Global's recovery following the ransomware attack in June 2024 has showcased the importance of cybersecurity in various domains, including the automotive, finance, and technology industries.
