CDK Global, a key provider of cloud-based software for auto dealerships, suffered a severe ransomware attack this week, disrupting operations for thousands of dealerships across North America. The attack has crippled vital systems used for managing vehicle sales, financing, repairs, and customer relations.

Although CDK Global has initiated restoration efforts, it currently anticipates that full functionality for all dealers may not be restored until at least June 30.

Current Situation

The ransomware attack significantly impacted CDK Global's operations, forcing many dealerships to revert to manual processes. Despite ongoing restoration efforts, only a small group of dealers has had some systems restored. Key applications, including dealer management systems, customer relationship management (CRM) solutions, and service solutions, remain down for many dealerships.

Practical Tips for Coping During the Outage

Implement Manual Processes

• Sales and Orders: Revert to paper methods for processing sales orders and service requests. Ensure all transactions are meticulously documented to facilitate system updates once restored.
• Inventory Management: Maintain manual logs of inventory movements, sales, and acquisitions. This will aid in reconciling records post-restoration.
• Customer Communication: Use alternative communication channels, such as emails and phone calls, to keep customers informed about the status of their orders and services.

Financial Management

• Month-End Close: CDK Global has advised dealerships to prepare for alternative month-end financial close processes. Utilize manual accounting methods to track financial activities and ensure compliance with regulatory requirements.
• Cash Flow Management: Monitor cash flow closely, considering potential delays in revenue collection due to the disrupted systems. Explore short-term financing options if necessary.

Service Operations

• Prioritize Essential Services: Focus on providing essential services, such as oil changes and basic maintenance, which can be managed with minimal system dependencies.
• Customer Service: Maintain a high level of customer service by keeping customers informed about delays and providing alternative solutions where possible.

Legal and Compliance Considerations

Data Protection and Privacy

• Customer Data: Ensure that any manual records of customer data are stored securely and comply with data protection regulations. Avoid storing sensitive information in unprotected formats.
• Data Breach Notifications: Monitor any updates from CDK Global regarding data breaches. Be prepared to notify customers and relevant authorities if a breach affecting customer data is confirmed.

Contractual Obligations:

• Review Contracts: Examine contracts with customers and suppliers to understand obligations and potential liabilities arising from service disruptions. Communicate proactively with affected parties to manage expectations and negotiate temporary adjustments if necessary.
• Insurance Coverage: Check insurance policies for coverage related to cyber incidents and business interruptions. Engage with insurance providers to explore potential claims for losses incurred during the outage. Consider hiring an insurance adjuster to take the lead in any disputes.

[View source.]