CDK Incident Sparks Phishing Scams - Reports
Scammers Taking Advantage of CDK Incident
As ComplyAuto previously warned about, CDK customers should be aware of bad actors attempting to take advantage of the CDK incident, including via potential 'bandwagon' phishing attempts. Reports have emerged stating that bad actors are sending communications falsely claiming to be CDK employees who can help get dealerships back online. Dealer employees should be aware of these phishing attempts in order to protect the dealer's accounts and systems from these secondary bandwagon attacks.
Data Breach Reporting Refresher
In this video, ComplyAuto's Brad Miller addresses questions received from numerous dealers about their potential obligations if it is determined that customer data has been breached. Note that as of the time of publication on June 20, 2024, there is not currently any evidence that suggests consumer data was compromised as part of the CDK incident.
As ComplyAuto previously warned about, CDK customers should be aware of bad actors attempting to take advantage of the CDK incident, including via potential 'bandwagon' phishing attempts. Reports have emerged stating that bad actors are sending communications falsely claiming to be CDK employees who can help get dealerships back online. Dealer employees should be aware of these phishing attempts in order to protect the dealer's accounts and systems from these secondary bandwagon attacks.
Data Breach Reporting Refresher
In this video, ComplyAuto's Brad Miller addresses questions received from numerous dealers about their potential obligations if it is determined that customer data has been breached. Note that as of the time of publication on June 20, 2024, there is not currently any evidence that suggests consumer data was compromised as part of the CDK incident.
PARTNER SPOTLIGHT
F & I/Aftermarket Products, Insurance, Automotive Technology Training & Compliance
A NHADA Diamond PARTNERDealer Management System, Computer Technology, Media/Advertising, Automotive Auction, F & I/Aftermarket Products, Automotive Technology Training & Compliance
A NHADA Platinum PARTNERComputer Technology, Automotive Shop Equipment, Environmental Services
A NHADA Platinum PARTNERF & I/Aftermarket Products, Automotive Technology Training & Compliance, Environmental Services
A NHADA Diamond PARTNERHere is a brief summary of the points Brad discusses
- Potential reporting under federal regulations
- FTC recently amended the Safeguards Rule to include a requirement to report to the FTC any "notification event" (commonly referred to as a "breach") involving 500 or more customers' unencrypted data as soon as possible, and no later than 30 days after discovery of the event.
- Dealer must report the breach even if it happened at a vendor.
- FTC reports are public information. - Potential reporting under state law
- Definitions, timeframes, and reporting thresholds differ among the states.
- State laws often require a dealer to provide customer notification, and a dealer may also have to notify a state agency.
(Check out the ComplyAuto breach reporting wizard tool for more information.) - Business Interruption Insurance Coverage
Dealers whose operations are impacted by the CDK systems being down might consider exploring whether they have business interruption coverage under any of their insurance policies that could provide relief for expenses and losses arising from the interruption in business resulting from the outage. Each insurance policy is different and historically business interruption coverage was associated with physical casualties (e.g., fire damage), but in recent years some cyber insurance policies have included business interruption coverage.