Car Dealerships In North America Revert To Pens and Paper After Cyberattacks (apnews.com) 37
An anonymous reader quotes a report from the Associated Press: Car dealerships in North America continue to wrestle with major disruptions that started last week with cyberattacks on a software company used widely in the auto retail sales sector. CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations. For prospective car buyers, that's meant delays at dealerships or vehicle orders written up by hand. There's no immediate end in sight, with CDK saying it expects the restoration process to take "several days" to complete. On Monday, Group 1 Automotive Inc., a $4 billion automotive retailer, said that it continued to use "alternative processes" to sell cars to its customers. Lithia Motors and AutoNation, two other dealership chains, also disclosed that they implemented workarounds to keep their operations going. [...]
Several major auto companies -- including Stellantis, Ford and BMW -- confirmed to The Associated Press last week that the CDK outage had impacted some of their dealers, but that sales operations continue. In light of the ongoing situation, a spokesperson for Stellantis said Friday that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand. A Ford spokesperson added that the outage may cause "some delays and inconveniences at some dealers and for some customers." However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.
Group 1 Automotive Inc., which owns 202 automotive dealerships, 264 franchises, and 42 collision centers in the U.S. and the United Kingdom, said Monday that the incident has disrupted its business applications and processes in its U.S. operations that rely on CDK's dealers' systems. The company said that it took measures to protect and isolate its systems from CDK's platform. All Group 1 U.S. dealerships will continue to conduct business using alternative processes until CDK's dealers' systems are available, the company said Monday. Group 1's dealerships in the U.K. don't use CDK's dealers' systems and are not impacted by the incident. In regulatory filings, Lithia Motors and AutoNation disclosed that last week's incident at CDK had disrupted their operations as well. Lithia said it activated cyber incident response procedures, which included "severing business service connections between the company's systems and CDK's." AutoNation said it also took steps to protect its systems and data -- adding that all of its locations remain open "albeit with lower productivity," as many are served manually or through alternative processes.
Several major auto companies -- including Stellantis, Ford and BMW -- confirmed to The Associated Press last week that the CDK outage had impacted some of their dealers, but that sales operations continue. In light of the ongoing situation, a spokesperson for Stellantis said Friday that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand. A Ford spokesperson added that the outage may cause "some delays and inconveniences at some dealers and for some customers." However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.
Group 1 Automotive Inc., which owns 202 automotive dealerships, 264 franchises, and 42 collision centers in the U.S. and the United Kingdom, said Monday that the incident has disrupted its business applications and processes in its U.S. operations that rely on CDK's dealers' systems. The company said that it took measures to protect and isolate its systems from CDK's platform. All Group 1 U.S. dealerships will continue to conduct business using alternative processes until CDK's dealers' systems are available, the company said Monday. Group 1's dealerships in the U.K. don't use CDK's dealers' systems and are not impacted by the incident. In regulatory filings, Lithia Motors and AutoNation disclosed that last week's incident at CDK had disrupted their operations as well. Lithia said it activated cyber incident response procedures, which included "severing business service connections between the company's systems and CDK's." AutoNation said it also took steps to protect its systems and data -- adding that all of its locations remain open "albeit with lower productivity," as many are served manually or through alternative processes.
Re: They paid the ransom (Score:1)
I don't think slashdot is real anymore, at least on phones. I turn on desktop, but phone UI is still there, and the URL has an m. prefix, even if I delete it.
Under my user, there are no settings to change. I wanted to check if I had had show .sig turned off, but there are no settings to change.
Google links to Slashdot settings go to empty pages. Are there servers having problems, or is this consolidation?
Re: (Score:1)
Given the message you replied to, maybe Slashdot didn't pay the ransom!
user-agent (Score:4, Informative)
I don't think slashdot is real anymore, at least on phones. I turn on desktop, but phone UI is still there, and the URL has an m. prefix, even if I delete it.
The mobile version of slashdot is different than the desktop display, and is determined by the browser's user-agent. Spoof the user-agent if you want.
Re: (Score:1)
Re: (Score:2)
I think that I get it to work by using desktop mode and disabling JavaScript.
Maybe Greer's "Retrotopia" novel was prescient? (Score:2)
https://www.goodreads.com/en/b... [goodreads.com]
"The year is 2065. Decades ago, the United States of America fell apart after four brutal years of civil war, and the fragments coalesced into new nations divided by economic and political rivalries. Most of the post-US America is wracked by poverty and civil strife, with high-tech skyscrapers rising above crowded, starving slums -- but one of the new nations, the Lakeland Republic of the upper Midwest, has gone its own way, isolated from the rest by closed frontiers and tra
Re: (Score:3)
so it's basically ecotopia fanfic
Re: (Score:2)
"Looks like everything's paid for in advance"
How?
Re: (Score:2)
Good question. The "Carr" character is a government representative. Presumably his government paid for the two week stay somehow. Good question how money is transferred between these nations though -- whether by check via some common financial institution across borders, by gold, by commodity barter, or by someway else.
On the other hand, and as I read the story previously maybe ten years ago so I don't recall all of it, it's also possible the Lakeland Republic being visited by Carr had paid for Carr's stay
Re: (Score:2)
I have no idea why this is downvoted. Paying in the ransom simply shows others that this is a lucrative market to attack.
Re: (Score:3, Interesting)
Re: (Score:2)
Outsourcing the outsourcing (Score:4, Interesting)
Car dealers outsource everything to CDK:
But CDK doesn't actually do anything ... it just outsources everything to someone else
Re: (Score:2)
Re: (Score:1)
Manufacturing is the same way and it goes levels deep.
A Korean automaker partnered with a US based software company for the self driving systems. The US company had the physical hardware built by another global engineering firm. I was hired by that engineering firm to offer on site support to the software company. I wasn't even paid directly by said firm, the engineering company contracted my position to a placement company, who ultimately signed my paycheck. My boss and "office" wasn't even in the same cou
Re: (Score:2)
First day of new job, "So when we interviewed you, you said you studied this in school so it should be familiar"
Spends first day looking over company code
Wait... I recognize this. I got a C on it!
Re: (Score:2)
PENCILS ARE BETTER (Score:1)
How's that Cloud workin' fer ya now? (Score:2)
a spokesperson for Stellantis said Friday that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand.
If that "writing up orders by hand" part is true in the literal pen-and-paper sense, then I have no sympathy for them.
I can see an ordering workflow that uses forms resident on local computers, with some fields available to be filled in via either data from a remote server or, optionally, via a local keyboard. That would eliminate the pen-and-paper part - you could then email the finished orders, or print and snail-mail them if email is down.
But if you're in the position of "cloud servers are down" or "inte
Re: How's that Cloud workin' fer ya now? (Score:2)
So your argument is that car dealers need to have multiple automated means to place car orders/sell cars because, as just happened, their lone automated system failed.
I haven't been keeping to close an eye on the auto industry IT situation, but this is probably the first time an issue of this type has EVER hit auto retailers in the last 40-50 years. Tgat they can fall back to a paper process isn't that big a deal, it's not hard to place an order for a new car, and most auto sales are handled from dealer sto
Re: (Score:2)
So your argument is that car dealers need to have multiple automated means to place car orders/sell cars because, as just happened, their lone automated system failed.
No. My argument is that the "lone automated system" should support local input so that when the servers are available the program can still be used - with essentially the same workflow - to print out and/or email the orders.
I haven't been keeping to close an eye on the auto industry IT situation, but this is probably the first time an issue of this type has EVER hit auto retailers in the last 40-50 years.
CDK Global, the software provider, has only been in business for ten years. That means they grew up in the era of escalating cyber-attacks and should have made their product able to function at a basic level without access to the servers.
paper 4 square worksheet for the win now with more (Score:2)
paper 4 square worksheet for the win now with more clutter on it to confuse you even more.
Expect this to be more common... (Score:1)
So, car dealerships outsourced to one provider (CDK), who apparently outsourced it to another (Genpact).
Now who in this chain does the security buck stop with? If a building is broken into because everything is stored in file cabinets in a front room and the doors are unlocked, it would be obvious who would have legal issues.
Cloud providers are lucky. They have the ability to hide that they are breached, or even modify customer configurations so they can say the customer failed at keeping their pants zipp
Re:Expect this to be more common... (Score:4, Informative)
In theory it should be who you paid. You paid for their expertise, but they'll pass the buck to he OS/library no doubt.
If the retailer of the service can't afford the forfeit then they shouldn't be in business.
I don't think I've ever seen a thread on slashdot go so downvoted. Would a group be trying to burry this? Most of the comments don't seem that unreasonable to me.
Provided "software"?? (Score:5, Insightful)
If CDK Global only provided software to auto dealers, then their getting clobbered by ransomware shouldn't have affected the dealers, who could happily have continued running the on-prem software, right? Right? Right... ?
No, it seems CDK Global provided cloud services to dealers, which means they didn't own their own tools and were completely dependent on a third party (or even fourth, fifth, sixth parties...) for a vital part of their workflow.
Cloudveat Emptor
Carma? (Score:2)
That's the kind of slimy deal a used-car sales-person would pull.
sure, but hey, everybody's doing it (Score:2, Interesting)
It's called sub-contracting. It's commonly done in defence, telecommunications, and hi-tech manufacturing, to name only 3 industries.
I have my doubts they really can run their busnesses with pen and paper. How many years now? so..plus car dealership "management"... ha ha.. pretty corny
Global fucking economy. (Score:2)
Now it looks like they plan to pay the ransom. Um excuse me, that should be a) an automatic ban from US customers doing further business with CDK and b) if CDK is an actual US company, an instant revocation of their Corporate Protections.
Our fucking capitalist Corporate-monopoly economy sucks ass.
Now ... (Score:2)
Well deserved!! (Score:2)
I you can't do your own ... (Score:2)
... mission-critical IT, then don't do it at all. ... I guess.
We IT experts all know this problem: A system you do not have under your own control 100% is useless for anything mission-critical. Don't put anything into the cloud that isn't safe by up-to-date crypto-standards and basic rules of data-integrity. Don't put anything in the Cloud that you can't get back out of the Cloud in a workday with time to spare. Do backups and (regularly tested) disaster-recovery, both on- and offsite. Have a fall-back sys
Interesting stylistic choice (Score:2)
What I find most interesting about this submission is the use of the plural of "pens" in the headline. I'm by no means saying that it is grammatically incorrect; just that it's stylistically a departure from the phrase "pen and paper" as the only way I've heard it expressed my entire life.
Of course, nobody else will probably find it the least bit interesting. As you were.