CDK Global Data Breach Hamstrings Dealerships Spawns a Flurry of Class Action Lawsuits Featured
CDK Global lulled dealerships into believing its systems were secure against cyberattacks despite allegations it failed to meet minimum regulatory standards.
A flurry of class action lawsuits were recently filed against Illinois based CDK Global (CDK) over the automotive dealer software developer’s allegedly negligent failure to protect sensitive consumer data following a June 2024 cyberattack.
CDK Global software as a service (SAAS) is used by nearly 15,000 automotive and truck dealerships as well as OEM suppliers across the U.S.A and Canada.
As a result the data breach, dealerships across the continent have been hamstrung for days, with no end in sight. Reports indicate that the shutdown will continue until the end of June. More important, the personal identities of upwards of 6 million people are now at severe risk of identity theft.
What Happened?
The incident is believed to have started on the evening of June 18, forcing CDK to shut down its systems, leaving thousands of dealers across the continent suddenly unable to operate. According to BleepingComputer.com, CDK suffered a second data breach on June 19th, while it was attempting to restore its systems.
CDK launched an investigation in the attack and has engaged third-party experts and notified law enforcement,
According to a June 22 memo obtained by CBS MoneyWatch, the incident is being characterized as a “cyber-ransom event.” Multiple sources report that the BlackSuit ransomware gang was behind the attack.
In its memo, CDK Global reportedly cautioned car dealerships to be on the lookup for scammers pretending to be CDK employees looking for access to their systems.
CDK System Shutdown Devastating To Dealership Operations
As a result of the cyberattack, dealerships now face sustained disruption to their operations and substantial financial loss. Some CDK customers including AutoNation, Group 1 Automotive, Lithia Motors, Sonic Automotive, and Penske Automotive Group all report the incident and its potential effect on business to the Securities Exchange Commission (SEC).
Several other auto companies – including Stellantis, Ford, and BMW – confirmed last week they the CDK outage had impacted some of their dealers, but that sales operations continue.
Class Action Lawsuit Filed On Behalf of Affected Dealerships
On its website, CDK touts its cybersecurity capabilities, promising to “stop cyberattacks in their tracks.” CDK also promises its customers that use of its services would “safeguard your dealership against cyberattacks to keep your computer from slowing down or stopping altogether” and “provide robust cybersecurity so you can stay focused on customers and selling cars.”
It seems bitter irony that the lawsuits against CDK allege negligence insofar as it breached its duties under common law and the Federal Trade Commission Act to implement reasonable security measures, comply with industry standards and federal data-security regulations as well as encrypting sensitive data.
In essence CDK relied on false advertising as it “had no effective means to prevent, detect, stop or mitigate breaches of its systems – thereby allowing cybercriminals unrestricted access to its current and former clients” personal data. That data includes –
- Social Security numbers,
- employment history,
- driver’s license info,
- financial account details and more.
CDK has not indicated if it will compensate affected dealerships for any financial losses or potential exposure to identity theft as a result of the cyberattack.
Join CDK Global Data Breach Dealership Class Action
If your dealership was affected by the CDK Global data breach, you may be eligible to participate in a class action lawsuit to recover compensation for financial losses, loss of privacy, time spent dealing with the breach, and more.
The lawsuit looks to cover any dealership in the USA whose operations was compromised by the data breach announced by CDK on June 19, 2024.
Please complete the below form shown on this page and a data breach attorney will contact you. There is no cost to you.