How the CDK Hack Hit Equipment Dealer Operations
The cyberattacks downed management systems at equipment and auto dealerships across North America, with some reporting lost business...
In late June, media reports of “cyber incidents” impacting dealer management system (DMS) provider CDK Global began to circulate. The cyberattacks downed management systems at equipment and auto dealerships across North America.
Initially, the company was able to restore its core dealer management system (DMS) and Digital Retailing solutions, only for an additional attack to occur later that day that “proactively shut down most of our systems," according to a report from Equipment World’s sister publication, Truck, Parts and Service.
Kim Rominger, CEO of the North American Equipment Dealers Association, gave the following statement to Equipment World on July 12 regarding the hack:
“The breach took place at the CDK level, not at the dealership level,” he says. “We understand that the cybersecurity attack was to demand a ransom from CDK, not so to access our customer information. That is unconfirmed at this time, but we are closely monitoring it.
“We understand that most dealers on CDK are back up and running at some level, and this is improving every day. Our association has provided guidelines to dealers to help them get back up and running in a secure way. Also, not every dealer is using CDK in our industry. There are five other providers, and they haven't been impacted, so it’s not as widespread as in the auto industry.
“It has been frustrating for our dealers, as they have had to do a manual process for invoicing, securing parts, managing inventory and repair, but they are doing a great job of it. We understand that this is also frustrating for our customers, and we ask for their patience as we work through it. Dealers report that we are close to being back up in full.”
CDK Global gave the following statement to Equipment World on July 12:
“All major applications are now available. We are thankful to our customers, partners and employees for their partnership.”
CDK allegedly paid a ransom to the hackers on June 21 via a traced bitcoin payment — then valued at $25 million — to a cryptocurrency account controlled by hackers affiliated with a type of ransomware called BlackSuit, according to a CNN report.
CDK Global CEO Brian MacDonald has stated dealers can expect some form of financial compensation for the effects of the hack, according to CBT News.
Following the attacks, VitalEdge appointed Judith Tigner as Chief Operating Officer and Michael Geraghty as Vice President of Global Support on July 9, part of the company’s “significant investments and enhancements in its client support infrastructure, reinforcing its commitment to delivering exceptional service worldwide.”
Partial Shutdowns, Lost Business
The hack at CDK affected different equipment dealers in different ways, according to Marc Johnson, a principal at CPA firm Pinion, who works primarily with equipment dealers and distributors.
Many were unable to use IntelliDealer, a reporting feature within the VitalEdge Technology (formerly e-Emphasys) DMS. Heavy equipment and industrial machinery software provider e-Emphasys announced its merger with CDK Global Heavy Equipment in May 2023. e-Emphasys later changed its name to VitalEdge Technologies in January 2024.
Since the IntelliDealer system is spun off from CDK, says Johnson, many equipment dealers were able to continue operating with partial access to their management systems.
“If equipment dealers had been on full CDK, like the auto dealers, they would have been completely shut down,” he says. “For the most part, what I saw was they were having trouble generating reports and having to go back to old versions of generating reports. But some of the dealers, for whatever reason, it also really impacted their parts department. They were having to do a lot of hand-written tickets just to get it into the system.”
Chris Wackman, president of 13-store Texas Kubota and New Holland dealership WCTractor, says, “We had to come up with a bunch of workarounds to keep the doors open. It was a mess, but our guys survived. Customers were pissed, but we did what we could to keep them happy. Mostly they were just annoyed by the inconvenience.”
Since Wackman says the dealership was already taking cybersecurity seriously, he’s not sure there’s a lesson to learn from the hack.
“We certainly lost business because of their mess,” he says. “We also racked up some serious IT bills while trying to get us so that we could operate. We are just treating it as a sunk cost, and we are moving forward.”
Financial Impact
Equipment dealers impacted by the hack will most likely see the financial results down in the line in their net income and margins rather than immediately lost revenue, says Johnson.
“The sales guys are saying, ‘Hey, we're going to keep selling no matter what happens, and then we'll just figure out the reporting part later,’” Johnson says. “We probably sold stuff at the wrong price. And we probably missed some tickets, and guys from the shop probably came and got parts, put them on machines, and it didn't get recorded.
“I’m guessing it'll be more of a margin issue, and, unfortunately, this is a bad margin year anyway, between labor being up and inflation hitting us on parts and wholegoods. Margins are already tight.”
A Lesson in Cybersecurity
Johnson predicts equipment dealers will be more diligent in the future about preparing themselves to continue operating if another hack shuts them down and that many will add alternative reporting options to their DMS. What he doesn’t want is for dealers to revert to old “hacking-proof” methods of operating as a knee-jerk reaction.
“There will probably be add-on products joining the market now saying, ‘Here's another place to generate reports!’” Johnson says. “The last thing I want to see is people having an adverse reaction to technology and everything goes back to Excel. CFOs, that might be their gut reaction, but ultimately, you’ve got to have these more robust reporting systems.”
The hack is a lesson in the importance of educating staff on cybersecurity best practices, says Johnson, since the entire situation began with a small mistake at an auto dealership.
“One part of why the whole CDK hack went down was some auto shop employee somewhere clicked the wrong button, and the hacker got in through a dealership,” he says. “We definitely want to make sure we've trained people. That's the biggest thing right now.”