CDK announced that "substantially all dealer connections are live on the core DMS" and that CDK CRM elite will begin a rollout process on Thursday. CDK directs customers to their Dealer Resource Center for more information about the restoration process. Dealers should be on alert for phishing scams and suspicious calls and e-mails. CDK employees “will not and have not been soliciting access or passwords to customers' systems or environments. Any request should be immediately treated as suspicious.” CDK tips for detecting phishing e-mails (including examples) are available here.
In addition, NADA reported that the FTC has accepted an NADA proposal made in coordination with CDK that permits CDK to file a consolidated breach notification with the FTC on behalf of its dealer clients if CDK determines that the FTC Safeguards Rule’s new federal notification requirement is triggered. Dealers therefore have no obligation to file a breach notification with the FTC related to this matter unless dealers opt out of this process. (Any dealer obligations to file breach notifications under state law are not affected by this proposal.) CDK has issued information on the topic to its dealer clients.
NADA continues to provide updates and guidance to assist dealers in responding to this incident and in strengthening their operations moving forward. As part of this process, we are providing information from the dealer accounting firm Forvis Mazars at this link.
As a reminder, there are several resources to help address data security and regulatory compliance, including:
The foregoing is offered for informational purposes only and is not intended as legal advice. Consult legal counsel who is familiar with applicable federal, state, and local law for specific guidance on legal requirements applicable to your operations.
NHADA has several partners who offer legal services to members, including: