CDK Cyber Security Resource Guide |
The CATA encourages dealerships to formally send their concern to CDK Global and then document that communication. Here is a sample letter:
Assured Partners: CDK Cyber Attack Fallout (Overview) Many dealers nationwide have experienced significant disruptions in business and outages due to a cyber attack on CDK Global’s dealer management system. At this point, it is too early to say what exactly happened, but it is being termed a significant cyber attack. The company voluntarily shut down its core systems in a cautionary move and attempted to restore most of them yesterday afternoon. As of this morning many dealer systems were still not operational. It is not yet clear as to the extent of the intrusion or what data may have been compromised so the scope and a requirement to respond is not yet clear. At this time, CATA Allied Member Assured Partners is advising all impacted dealers to report the breach to their cyber liability carrier to ensure timely reporting and response to the breach. There are several coverages in the cyber liability insurance form that may provide protection for dealers impacted by the breach. One being Dependent Business Income loss triggered by a dependent system failure. It is a Privacy Breach, Security Breach or Administrative Error that triggers this coverage, and it appears that CDK Global is an Outsourced Service Provider who has experienced a Security Breach. In most cases the time element waiting period to for a dependent business interruption claim has expired triggering potential loss and restitution of loss income due to the outage to the dealers effected. As the scope of the breach unfolds and it is determined what if any customer data has been compromised, Privacy laws may require notification to any affected parties. Most cyber liability forms provide coverage for notification. Current review of the CDK contract to determine whether CDK or the dealerships will be responsible for complying with notification in accordance with state and federal privacy laws. Assured Partners also anticipates that this event will be a recordable incident under the FTC Safeguards Rule. The CATA and Assured Partners will have additional guidance on this as the scope of the claim unfolds in the coming days. If you have any questions, you can contact Chris Schrement (chris.schrementi@assuredpartners.com) at Assured Partners. Vitu CDK Cyberattack & Manual Title Processing For dealerships affected by the recent CDK cyberattack, the CATA's recommended digital titling solution, Vitu, provides a way to manually process vehicle titles despite the dealership's DMS being down. For more information, please call the Vitu customer support line at (312) 883-2332. Dealer Forms Available For those impacted by the CDK cyber attack, Reynolds & Reynolds has dealer forms available for immediate shipment. Those forms include the following:
Reynolds & Reynolds customers can order HERE. Non-Reynolds & Reynolds customers can call 1-800-344-0996 to order. In addition, the CATA offers dealers the following forms free at www.CATA.info:
KPA Dealership Resources for Compliance This week's cyberattack on CDK Global has been disruptive and stressful, highlighting the urgent need for robust cybersecurity and data privacy measures in our industry. This incident underscores the importance of protecting sensitive customer information, maintaining regulatory compliance, and ensuring business continuity. Dealers are likely feeling the pressure to ensure their data privacy and cybersecurity structures are sound. To assist, CATA Recommended Partner KPA has put together some helpful resources and information:
In light of the CDK cyberattack, it's crucial to fortify cybersecurity and data privacy measures. KPA is here to help safeguard dealership data and maintain customer trust. Whether it’s an on-site compliance consultant visit to ensure customers’ personal information isn’t left on a desk or using our state-of-the-art Privacy & Safeguards Solution, KPA remains your dedicated partner in keeping people safe and staying compliant. Please reach out to us at 866-356-1735 or info@kpa.io if you have any questions. Illinois DOR Issues Due to CDK Outage Dealers that are experiencing issues filing taxes due to the CDK cyber attack are encouraged to use MyTax to file vehicle sales taxes. Most dealers should have at least one employee with access to their ST-556 account on MyTax. If dealers are unable to use MyTax for operational or other reasons during the outage and receive a bill, they may request penalty waiver by sending an explanation to rev.salestaxcorrespondence@illinois.gov. The email should include:
Please note that this email box is for responses to letters only and cannot respond to account questions. If dealers have specific questions on a return, they should call 1-217-785-6606 to speak to a member of my staff. For general taxpayer assistance questions, they may call 800-732-8866. CVR Customers: Procedures for Processing Title & Registration Through the Secretary of State For CVR customers only…the Secretary of State provided us information on procedures for processing title & registration with the SOS. Before processing an application for title and registration, a dealer must first process the tax payment through mytax.illinois.gov.
Once the paperwork has been completed, please mail all documents to:
CDK Cyber Incident: Ensuring Data Protection & Compliance (Webinar) The cyberattack on CDK has put a spotlight on the growing threat of cyberattacks on the automotive industry and the urgent need for enhanced cybersecurity measures. If your dealership has been impacted by the breach or are concerned about your own cybersecurity initiatives, join KPA and Assured Partners on Thursday, June 27th. CDK's Cyber Incident: The Dealer's Insurance and Compliance Obligations KPA's Adam Crowell, Esq. and Assured Partners' Chris Schrementi, will discuss:
Speakers:
FTC’s Guide for Business Data Breach Response Data Breach Response: A Guide for Business | Federal Trade Commission (ftc.gov) |