Ford Authority

CDK Suffers Second Cyberattack To Dealer Management System

As Ford Authority previously reported, CDK Global – which serves close to 15,000 automotive dealerships in the U.S. – shut down most of its systems following a cyberattack that occurred early yesterday morning. The company then set out to determine the scope of the damage from that attack, as well as figure out how to patch any holes that might be present in its software. However, that process hit a bit of a snag later in the day as well.

Ford Sinal Alphaville Brazil EV Dealership

According to Automotive News, CDK suffered a second cyberattack late yesterday evening, which prompted it to once again shut its systems down. This has impacted dealers in a big way, with many trying to figure out how to continue selling and servicing vehicles – in many cases, forcing them to revert to old fashioned methods. “People these days seem to have forgotten how to use a pencil,” said Ed Morse Automotive Group CEO Teddy Morse. “We can still take the customer’s information; we can still write down their concerns. We can still take a piece of paper and walk it over to the technician and get the job done.”

“We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th,” CDK said. “Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external third-party experts. At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available at a minimum on Thursday, June 20th.”

Ford Sinal Alphaville Brazil EV Dealership

In recent years, as automobiles become more and more connected and digitized, concerns over cybersecurity have followed. Ford has worked to get ahead of potential cyberattacks in a number of ways, while various U.S. government agencies attempt to do the same. Regardless, there’s still some work to be done, as is evidenced by these widespread cyberattacks.

We’ll have more on this cyberattack soon, so be sure and subscribe to Ford Authority for 24/7 Ford news coverage.

Brett's lost track of all the Fords he's owned over the years and how much he's spent modifying them, but his current money pits include an S550 Mustang and 13th gen F-150.

Subscribe to Ford Authority

For around-the-clock Ford news coverage

We'll send you one email per day with the latest Ford updates. It's totally free.


  1. David Dickinson II

    Sounds like a probing attack to me. Now, what happens when these cyberattacks are launched against the vehicles themselves as they are going down the road?

    1. MP

      This attack is against the dealer’s management system. It is not against Ford, or any other vehicle specific programs. There’s nothing in the systems that were hacked that would have any connection to the vehicles. It’s not even brand specific. It’s a third party system that dealers choose to use it to simplify their operations.
      It’s not a “probing” attack. It is a ransomware attack and they are asking for something like 80 million dollars. Now if it was an attack on Ford’s corporate computer system I’d be more inclined to agree with you.

      1. David Dickinson II

        I wasn’t trying to make an immediate connection to the vehicles but am pointing out the inherent weaknesses of where modern vehicles are and where manufacturers want to take them. Even now many (most?) steering wheels are not physically connected to the wheels. They are glorified joysticks. How long before a cyber criminal or nation-state actor has vehicles making a hard left during rush hour traffic?

  2. whypac

    All of this is exactly why automobiles should be closed systems. No remote diagnostics. No OTA updates. No phoning home with vehicle status.

  3. Bruce Holberg

    So, MP, how’s that bucket of whitewash holding out? Of course it was both a ransomeware AND a probing attack. Especially the first of the two. No, it didn’t selectively hit Ford, and I am sure that is of immeasurable comfort to Ford dealers and customers who were put out of commission by the attack. When ransomware attackers started to hit hospitals it was not a one and done proposition. This may not be either.

  4. CG

    Where’d you hear 80 million?


Leave a comment