A cyberattack on CDK Global knocked key dealership management systems offline and disrupted operations at thousands of auto dealerships across the United States. Dealers reported being unable to access core functions for sales, financing, service, and vehicle records, forcing many to switch to manual paperwork and delaying transactions. After suffering two related intrusions, CDK also warned customers that threat actors were attempting social-engineering attacks against dealerships during the outage, raising concerns that criminals were exploiting the disruption to gain further access or steal information.
The outage quickly translated into major financial damage across the automotive retail sector. Industry estimates cited losses that could approach $1 billion, reflecting stalled vehicle sales, service delays, and operational backlogs. Separate reporting later said CDK Global was believed to have paid roughly $25 million in ransom to the attackers as the company worked to restore systems and stabilize customer operations, underscoring the scale of the incident and its downstream impact on the dealership ecosystem.

5 events from the most recent confirmed update back to the earliest known activity.
A study reported that financial losses tied to the CDK outage could approach $1 billion for affected car dealerships. The estimate highlighted the scale of business interruption caused by the prolonged disruption.
A later report stated that CDK Global paid approximately $25 million in ransom to the hackers behind the attack. The payment was described as part of efforts to resolve the incident and restore operations.
After the two intrusions, CDK Global warned customers to watch for social-engineering and phishing attempts exploiting the incident. The company advised dealerships to be cautious of actors impersonating CDK or related support personnel.
While restoring services after the initial breach, CDK Global was reportedly struck by a second cyberattack, prolonging the outage and continuing disruption for dealerships. Reports indicated the incidents had broad operational impact across the automotive retail sector.
CDK Global experienced a cyberattack that forced it to take systems offline, disrupting software used by thousands of U.S. auto dealerships. The outage affected core dealership operations including sales, financing, and service workflows.