CDK DMS Cyberattack: What Dealerships Need To Do When They Are Back Online

Now, relying solely on pen and paper, dealerships are forced to go back to a time void of technology by selling cars and doing service work without the help of their DMS. As dealership operations begin to come back online, what can dealerships do to ensure that the events of the last 48 hours are documented in the system, the correct taxes are paid, sales and service work is correctly recorded, employee hours are allocated, and you’re asking the right questions and more?

If you would like to discuss how this cyberattack may impact your dealership, don’t hesitate to contact a member of our team.

A Checklist for Dealerships

While this incident is still in its early stages to determine what happened, how it happened and what if any data has been compromised here is a checklist of some of the major things that dealerships should address as well as some not-so-obvious items to look out for as this continues to unfold:

  1. Please be aware that scammers are contacting dealerships posing as CDK in attempts to gain access to private information. If anyone from your dealership is contacted by “CDK”, do not provide them with any personal information. Instead, hang up and contact CDK directly yourself with any questions or concerns to avoid falling victim to these scams.
  2. Dealerships need to dedicate a period to overall reconnaissance before going back to business as usual. All departments need to help the accounting office gather the necessary information accumulated during this downtime to ensure it will be accurately entered into the system, or the dealership will face repercussions later.
  3. Once CDK comes back online, everyone at the dealership should go into CDK setups to ensure that sales tax is correct, their templates are correct, that the mapping from the accounts to their financial statements is correct, and that nothing got corrupted within their system.
  4. Do not assume that this breach only impacted data collected when CDK was down. Dealerships need to compare their May 31st closing balances to their June 1st opening balances to ensure there are no discrepancies.
  5. For any sales that did occur during this downtime, ensure that they were recorded accurately, and that sales tax was calculated correctly for the jurisdiction that you are in and are set to be remitted to the correct states. This will include reviewing all information from the manual sales to ensure all necessary accounting has been recorded.
  6. For anything done within the service department during downtime, make sure that all flag times were captured, and that this technician's time was recorded accurately.
  7. Dealerships need to be strict about warranty submissions because the factory will deny claims that are incorrect.
  8. If your dealership closed for the period that your DMS was down, you will need to determine if these employees will be paid as a courtesy or if they will need to utilize paid time off and work with HR to resolve any conflicts.
  9. Please note that the CDK cyberattack reaches beyond your own DMS.CDK aligns and integrates with other services and platforms. At the time of this writing, Tekion operations that integrate with CDK are suspended as a direct result of the cyberattack. Please be sure to remain on top of any other system or software that integrates with CDK to ensure data accuracy and due diligence.
  10. Get with your legal counsel to provide guidance as this incident continues to unfold. Counsel can understand the impacts on organizational risk and give clear advice on the appropriate response activities.
  11. Review your current agreement or contract for CDK services to see if they have any information noted in their liability or limitations for liability.
  12. Check your cyber policy, to see if it has Third Party liability insurance and applicable requirements. This may help to protect from potential lawsuits and legal costs if a data breach occurred on a third party's network or systems. If you're not sure contact your insurance provider and work with them to discuss current impact and options.
  13. Make sure to address any potential liabilities as this continues to unfold with respect to the incident's scope, such as if any sensitive information has been leaked.
    • What is the scope of the breach?
    • Did a data breach of my customer data occur?
    • What type of data was stolen or exposed?
    • Was sensitive data compromised or exploited?
    • What communications are required to notify customers?

Withum is on the ready to partner with Dealerships to help them navigate these challenges from both a transactions and compliance standpoint. These are our recommendations at the time of this writing. This situation is ongoing, and our recommendations are subject to change based on new developments.Please feel free to reach out to us with any questions or concerns.

Stuart T. McCallum, Partner and Practice Leader of Withum’s Dealership Services Team was interviewed by an auto industry reporter for Yahoo Finance to share insight on the CDK cyberattack. Read the interview here.

Authors: Michele D’Antonio | [email protected] and Jason Spezzano, Executive Cybersecurity Advisor | [email protected]

Contact Us

For more information on this topic, contact Withum’s Dealership Services Team.