CDK Global Data Breach Lawsuit Filed After Cyberattack Shut Down Car Dealerships Nationwide

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit has been filed against CDK Global over the major car dealer software developer’s allegedly negligent failure to protect the litany of sensitive consumer information in its care, which was reportedly accessed without authorization in a massive June 2024 data breach.

Were you affected by the CDK Global cyberattack? Let us know here.

The 42-page CDK Global data breach lawsuit relays that the Illinois-based company, which develops the software used by most major car dealerships in North America, confirmed on June 19 that it was “actively investigating a cyber incident” and shut down most of its IT systems, impacting approximately 15,000 car dealers, out of “an abundance of caution and concern for our customers.”

According to the data breach lawsuit, the personally identifiable information accessed in the CDK Global ransomware attack, which reportedly occurred on or around June 18, includes names, addresses, Social Security numbers, driver’s licenses, credit card numbers and bank account details, all of which a consumer must provide when buying or leasing a vehicle from one of CDK’s clients.

The filing alleges that although the data breach was a known risk to CDK Global, the company negligently failed to implement adequate, reasonable cybersecurity measures to protect consumers’ information and stored the data in “a dangerous condition.” The suit contends that had CDK properly maintained and monitored its computer systems housing consumers’ information, the perpetrators would not have had unimpeded access to the sensitive data.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Once a consumer’s personally identifiable information is exposed, there is practically no way to ensure that it will be fully recovered or kept safe from future abuse, the suit shares. 

“Plaintiff’s and Class Members’ identities are now at risk because of Defendant’s negligent conduct since the Private Information that Defendant collected and maintained is now in the hands of data thieves,” the complaint stresses.

CDK Global’s SaaS platform aids all car dealership operations, from financing, payroll and inventory tracking to back-office administration and support and service. 

The CDK Global data breach lawsuit does not state how many consumers are believed to have been impacted by the ransomware attack.

EM360Tech reported on June 20 that CDK stated in an email to employees that it was “currently assessing the overall impact [of the data breach] and currently has no ETA” on getting its systems back up. The publication wrote that car buyers may experience delays with regard to loan approvals, finalizing purchases and test drives as a result of the cyberattack.

A June 23 Bloomberg report shares that CDK said it expects restoration of its platform to take “several days.”

The proposed class action looks to cover all persons in the United States whose private information was compromised in the CDK Global data breach.

Were you affected by the CDK Global cyberattack? Let us know here.