CDK Cyber Incident Update: Actions Your Dealership Should Consider
CDK announced that "substantially all dealer connections are live on the core DMS" and that CDK CRM elite will begin a rollout process on Thursday. CDK directs customers to their Dealer Resource Center for more information about the restoration process. Dealers should be on alert for phishing scams and suspicious calls and e-mails. CDK employees “will not and have not been soliciting access or passwords to customers' systems or environments. Any request should be immediately treated as suspicious.” CDK tips for detecting phishing e-mails (including examples) are available here.
PARTNER SPOTLIGHT
F & I/Aftermarket Products, Insurance, Automotive Technology Training & Compliance
A NHADA Diamond PARTNERDealer Management System, Computer Technology, Media/Advertising, Automotive Auction, F & I/Aftermarket Products, Automotive Technology Training & Compliance
A NHADA Platinum PARTNERComputer Technology, Automotive Shop Equipment, Environmental Services
A NHADA Platinum PARTNERF & I/Aftermarket Products, Automotive Technology Training & Compliance, Environmental Services
A NHADA Diamond PARTNERIn addition, NADA reported that the FTC has accepted an NADA proposal made in coordination with CDK that permits CDK to file a consolidated breach notification with the FTC on behalf of its dealer clients if CDK determines that the FTC Safeguards Rule’s new federal notification requirement is triggered. Dealers therefore have no obligation to file a breach notification with the FTC related to this matter unless dealers opt out of this process. (Any dealer obligations to file breach notifications under state law are not affected by this proposal.) CDK has issued information on the topic to its dealer clients.
NADA continues to provide updates and guidance to assist dealers in responding to this incident and in strengthening their operations moving forward. As part of this process, we are providing information from the dealer accounting firm Forvis Mazars at this link.
As a reminder, there are several resources to help address data security and regulatory compliance, including:
- NADA Safeguards Rule Driven Guide (LOG-IN REQUIRED)
- FTC Cybersecurity Basics
- Cybersecurity and Infrastructure Security Agency (CISA) resources
The foregoing is offered for informational purposes only and is not intended as legal advice. Consult legal counsel who is familiar with applicable federal, state, and local law for specific guidance on legal requirements applicable to your operations.
NHADA has several partners who offer legal services to members, including: