SCAMMERS TAKING ADVANTAGE OF THE CDK INCIDENT
CDK customers should be aware of bad actors attempting to take advantage of the CDK incident, including via potential ‘bandwagon’ phishing attempts. Reports have emerged stating that bad actors are sending communications falsely claiming to be CDK employees that can help get dealerships back online. Dealer employees should be aware of these phishing attempts in order to protect the dealer’s accounts and systems from these secondary bandwagon attacks.
DATA BREACH REPORTING
Potential reporting under federal regulations – FTC recently amended the Safeguards Rule to include a requirement to report to the FTC any “notification event” (commonly referred to as a “breach”) involving 500 or more customers’ unencrypted data as soon as possible, and no later than 30 days after discovery of the event. The Dealer must report the breach even if it happened at a vendor. Please note all FTC reports are public information.
Potential reporting under state law – Definitions, timeframes, and reporting thresholds differ among the states. State laws often require a dealer to provide customer notification, and a dealer may also have to notify a state agency.
BUSINESS INTERRUPTION INSURANCE COVERAGE
Dealers whose operations are impacted by the CDK systems being down might consider exploring whether they have business interruption coverage under any of their insurance policies that could provide relief for expenses and losses arising from the interruption in business resulting from the outage. Each insurance policy is different and historically business interruption coverage was associated with physical casualties (e.g., fire damage), but in recent years some cyber insurance policies have included business interruption coverage
OUR AUTO DEALERSHIP CLIENTS
For those of you who have subscribed to our Webroot and MDR solution: We want you to know that we are carefully monitoring your local computer networks 24X7 for any malicious activity. If any malicious activity occurs, we will lock down and/or remediate it. This is a serious incident and we want you to know that we are treating it as such. As mentioned above please do not take direction from anyone representing themselves as a CDK employee unless you personally know them and can verify you are speaking with that specific person. We do not know how long the CDK systems will be offline but we will pass along any new information we can as we receive it.
1650 Manheim Pike, Suite 204, Lancaster, PA 17601
(717) 509-4410
INFORMATION TECHNOLOGY SERVICES