CDK suffered another data breach as it was attempting to recover

Was CDK trying to recover too fast after cyberattack?

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Car dealer software provider CDK has allegedly suffered a second cyberattack - as it was trying to recuperate from the first one.

As a result of this follow-up attack, the company was forced to turn most of its services back offline and now says it doesn’t know how long it will take for it to restore the system.

In the meantime, many major car dealerships in the United States have been paralyzed, not being able to sell or service vehicles properly. They are operating manually, with pen and paper, and are only able to work on basic things.

No deadline

No deadline

CDK Globalrecently reported suffering a cyberattack, which forced it to shut parts of its infrastructure down. Less than 24 hours later, it started to bring some services back online, including CDK Phones, DMS, and Digital Retail services. Unify and DMS logins were also made available, soon after.

However, it seems to company got ahead of itself a little bit, as restoring the services resulted in a secondary attack:

“We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th,” reads a CDK notification seen byBleepingComputer.

“Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts.” While, at the time, the company aimed for Friday to restore its systems, it later said it didn’t have an ETA:

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available likely for several days,” the company said.

There is currently no indication that it was aransomwareattack, or if any data was stolen. However, given the disruption caused, it’s quite possible.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Sonos Arc Ultra review: the best one-box Dolby Atmos soundbar for the price, with one grating flaw