CDK Global, a key provider of cloud-based software for auto dealerships, suffered a severe ransomware attack this week, disrupting operations for thousands of dealerships across North America. The attack has crippled vital systems used for managing vehicle sales, financing, repairs, and customer relations.

Although CDK Global has initiated restoration efforts, it currently anticipates that full functionality for all dealers may not be restored until at least June 30. As dealerships struggle with this disruption, Fox Rothschild is here to provide essential guidance on maintaining compliance and minimizing operational impacts during this challenging period.

Current Situation

The ransomware attack significantly impacted CDK Global's operations, forcing many dealerships to revert to manual processes. Despite ongoing restoration efforts, only a small group of dealers has had some systems restored. Key applications, including dealer management systems, customer relationship management (CRM) solutions, and service solutions, remain down for many dealerships.

Practical Tips for Coping During the Outage

Implement Manual Processes

• Sales and Orders: Revert to paper methods for processing sales orders and service requests. Ensure all transactions are meticulously documented to facilitate system updates once restored.
• Inventory Management: Maintain manual logs of inventory movements, sales, and acquisitions. This will aid in reconciling records post-restoration.
• Customer Communication: Use alternative communication channels, such as emails and phone calls, to keep customers informed about the status of their orders and services.

Financial Management

• Month-End Close: CDK Global has advised dealerships to prepare for alternative month-end financial close processes. Utilize manual accounting methods to track financial activities and ensure compliance with regulatory requirements.
• Cash Flow Management: Monitor cash flow closely, considering potential delays in revenue collection due to the disrupted systems. Explore short-term financing options if necessary.

Service Operations

• Prioritize Essential Services: Focus on providing essential services, such as oil changes and basic maintenance, which can be managed with minimal system dependencies.
• Customer Service: Maintain a high level of customer service by keeping customers informed about delays and providing alternative solutions where possible.

Legal and Compliance Considerations

Data Protection and Privacy

• Customer Data: Ensure that any manual records of customer data are stored securely and comply with data protection regulations. Avoid storing sensitive information in unprotected formats.
• Data Breach Notifications: Monitor any updates from CDK Global regarding data breaches. Be prepared to notify customers and relevant authorities if a breach affecting customer data is confirmed.

Contractual Obligations:

• Review Contracts: Examine contracts with customers and suppliers to understand obligations and potential liabilities arising from service disruptions. Communicate proactively with affected parties to manage expectations and negotiate temporary adjustments if necessary.
• Insurance Coverage: Check insurance policies for coverage related to cyber incidents and business interruptions. Engage with insurance providers to explore potential claims for losses incurred during the outage. Consider hiring an insurance adjuster to take the lead in any disputes.

Support From Fox Rothschild

At Fox Rothschild, we understand the complexities and challenges that auto dealerships face during such disruptions. Our team is available to provide legal support and guidance to help you navigate this crisis while ensuring compliance with all legal and regulatory requirements.

Our services include:

• Regulatory Compliance: Ensuring adherence to data protection, privacy laws, and other relevant regulations during the system outage.
• Contractual and Insurance Review: Assisting with the review of contracts and insurance policies to manage liabilities and explore compensation options.
• Incident Response and Crisis Management: Advising on immediate actions to mitigate the impact of the ransomware attack and supporting recovery efforts.

For further assistance or to discuss specific concerns, please contact Joseph S. Aboyoun at 973.548.5049 or jaboyoun@foxrothschild.com; Seth L. Dobbs at 973.992.9125 or sdobbs@foxrothschild.com; or Michael G. Menkowitz at 215.299.2150 or mmenkowitz@foxrothschild.com.