top of page

The CDK Cyber Attack: A Call to Arms for the Accounting Office

During my early years in the car business, I wore many hats, and one thing became clear: the accounting office often becomes the clean-up crew when problems arise. Today, technology and automation have reduced these issues, but the recent CDK cyber attack has brought a whole new level of chaos.

The Impact of the CDK Cyber Attack

This breach is unprecedented. Once the dust settles, likely in months, the accounting office will be left to piece together the financial puzzle from sales, service, and parts to restore order. With the “End of the Month” here, new car dealerships must produce monthly financial statements as required by manufacturers and lenders. The chances of having a June financial statement are slim.

Why Did the CDK Cyber Attack Happen?

ADP Dealer Services, a once-great DMS provider, evolved into CDK Global through mergers and private equity investments. Private equity often targets cost-centers like Information Security (Infosec) first. When ransomware attacks occur, it's often revealed that backups were neglected, and legacy systems are beyond recovery.

A cybersecurity expert I spoke with noted a few probable issues:

  • No backups, or outdated and untested ones.

  • Lack of knowledge on restoring backups.

  • Nonexistent or outdated disaster recovery plans.

  • Multiple single points of failure in the infrastructure.

  • Unawareness of the extent of the compromise.

I'm frustrated with how ADP Dealer Services has been handled by private equity, and the real pain is felt by the dealership staff who still have to serve customers and make sales.

dealership data breach

Paying the Ransom and Preferred Vendor Programs

Reports indicate CDK will pay millions in ransom. This won’t be the last ransomware attack. The “Preferred Vendor” program, a franchise system where manufacturers vet vendors, has its flaws. It can be anti-innovation, favoring larger vendors who can pay fees over smaller, potentially higher-quality vendors.

CDK is a “Preferred Vendor,” which raises questions about the security audits and regular monitoring protocols for such vendors. CDK’s outdated infrastructure, shaped by corporate cost-cutting, left data vulnerable to cybercriminals.

Restoring Records Post-Breach

After paying the ransom, it may take weeks or months to restore data, likely with gaps. Switching to a new DMS vendor is complicated without access to the hostage data. Once back online, the accounting office will face the monumental task of manually inputting data from the downtime. This process, especially for busy dealerships, will be arduous and time-consuming.

Organization is Key

Stores with high sales volumes will face significant delays. Inventory verification for vehicles and parts will be necessary to prevent theft and ensure accuracy. Properly recorded transactions should land in their respective GL accounts, and bank reconciliations will provide a roadmap to ensure checks and balances.

Moving Beyond the Breach

This breach has exposed the inadequacies in managing data and has violated the vendor-manufacturer-dealer relationship. Questions about adherence to crisis protocols and annual audits for preferred vendors remain unanswered. Lawsuits from dealers, consumers, and employees are expected.

Proactive Measures

Dealers should contact their Cyber Liability Policy carriers to discuss coverage. It's essential to rely on qualified experts to devise a long-term data security plan rather than depending solely on vendors.


This CDK cyber attack is a stark reminder of the importance of robust data security and crisis protocols. The accounting office’s perseverance will be crucial in restoring order. Dealers must seek expert advice and ensure due diligence to protect their data and maintain operational integrity in the future.

0 views0 comments


bottom of page