PROVIDENCE – Several in-state auto dealers were "significantly inconvenienced" by a June cyberattack against software company CDK Global, says the Rhode Island Automobile Dealers Association.
Last month, two cyberattacks against Illinois-based CDK Global brought digital operations at auto dealers throughout North America screeching to a halt, the Associated Press reported, including major companies such as Ford, BMW and Stellantis.
CDK Global is a major player in the auto sales industry. The company provides software technology to dealers that helps with day-to-day operations – like facilitating vehicle sales, financing, insurance and repairs.
With more than 15,000 auto dealer locations throughout the continent using the software, the June 19 cyberattacks had far-reaching effects, as evidenced at some Ocean State dealerships, said Ted Kresse, executive vice president of RIADA.
"For those that were impacted, it was back to serving customers the old school ways with pens and pencils and filling out repair orders and sales transactions in writing," Kresse said in an email statement to PBN.
But not all Rhode Island auto dealers use CDK software, Kresse noted, and some were unscathed by the security breach.
Those that weren't so fortunate have "extra work updating their data and entering those transactions back into their systems now that CDK is back up," Kresse said, but added that the worst of the attack's consequences appear to be in the rearview at this point.
"All in all, those dealers using CDK seemed to have weathered the worst of it by now, but it certainly was a challenge for them for the past couple weeks," Kresse said.
Kresse did not specify Rhode Island dealerships that were impacted.
But at least one impacted company in the Ocean State was Grieco Automotive Group, which has locations in Rhode Island, Massachusetts and Florida. As of last week, the dealership hosted a pop-up message on its website advising customers of potential service delays due to the cyberattack.
If you've bought a car from a dealership that's used CDK software, cybersecurity security experts stress that it's important to assume your data may have been breached. That could potentially include “pretty sensitive information,” Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance noted, like your social security number, employment history, income and current or former addresses.
Those impacted should monitor their credit – or even freeze their credit as an added layer of defense – and consider signing up for identify theft monitor insurance. You'll also want to be wary of any phishing attempts. It's best to make sure you have reliable contact information for a company by visiting their official website, for example, as scammers sometimes try to take advantage of news about data breaches to gain your trust through look-alike emails or phone calls.
Those are some best practices to keep in mind whether you're a victim of CDK's data breach or not, Steinhauer said. "Unfortunately, in this day and age, our data is a valuable target – and you have to make sure that you’re taking steps to protect it,” he said.
Material from The Associated Press was used in this report.
Jacquelyn Voghel is a PBN staff writer. You may reach her at Voghel@PBN.com.