“We were on our own server until a month ago because CDK forced us to go to the cloud so we could implement [Electronic Repair Orders, EROs],” wrote one worker on r/serviceadvisors. “Since the change, CDK freezes multiple times a day… But now being completely down for 2 days. CDK I want a divorce.”
CDK benefits from “a rise in consolidation”
CDK started as the car dealership arm of payroll-processing giant ADP after ADP acquired two inventory and sales systems companies in 1973. CDK was spun off from ADP in 2014. In mid-2022, it was acquired by venture capital firm Brookfield Business Partners and went private, following pressure from activist public investors to trim costs.
Brookfield said at the time that it expected CDK “to benefit from a rise in consolidation across the dealership industry,” an industry estimated to be worth $30 billion by 2026. Analysts generally consider CDK to be the dominant player in the dealership management market, with an additional 15,000 customers in the trucking industry.
Under CEO Brian McDonald, who returned to the firm after its private equity buyout, the company pushed most of its enterprise IT unit to global outsourcing firm Genpact in March 2023.
CDK released a report on cybersecurity for dealerships in 2023. It noted that dealerships suffered an average of 3.4 weeks of downtime from ransomware attacks, or potentially an average payout of $740,144 (or even both). Insurer Zurich North America noted in a 2023 report that dealerships are a particularly rich target for attackers because “dealerships store large amounts of confidential, personal data, including financing and credit applications, customer financial information and home addresses.”
“In addition,” the report stated, “dealership systems are often interconnected to external interfaces and portals, such as external service providers.”
Lisa Finney, senior manager for external communications at CDK, said in a statement Thursday that at CDK, “In partnership with third party experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our effots to reinstate our services and get our dealers back to business as usual as quickly as possible.”
As of Thursday morning, the firm has not clarified if the “cyber incident” is due to ransomware or another kind of attack.
This post was updated at 2 pm to note a message indicating that CDK’s outage could last several days. It was updated again at 4:15 p.m. with a statement from CDK.
