In a hack so large that it will significantly impact US auto sales for the month of June, more than 15,000 car dealerships have been hit by a cyberattack that has taken many of them back to using pen and paper. 

None of the dealerships in question did anything wrong themselves, instead it was the fault of CDK Global, a third-party vendor that provides sales, financing, and payroll systems. When CDK was shut down following a cyberattack, the dealerships found themselves suddenly unable to process loan applications or submit documents to various state and local motor vehicle agencies. 

In addition to highlighting the risk a third-party vendor can pose, this incident also demonstrates the disaster recovery planning in the industry… or the lack thereof, as many dealerships have had to close entirely as they had no procedures in place for losing their third-party sales and financing vendor.

While this is certainly not the first time a third-party vendor has caused an incident like this, it is certainly the largest and most expensive such incident in a long time, with some major auto retailers already warning of an impact to their financial statements. Auto sales are a major part of the economy and the projected monthly sales declines due to this incident could be significant.

You can never fully eliminate the risk assumed when you work with a third-party vendor, but conducting the proper due diligence beforehand can help you avoid trouble… and a good disaster recovery plan that you test regularly can be invaluable if you don’t manage to avoid it.