November 5, 2025
3
min read
Robbie Harriman

Guard Against CDK-Related Security Risks

Editor
Robbie Harriman
Category
FTC Safeguards
Date
November 5, 2025
Share:
Twitter
Instagram
LinkedIn

By Nick Reed, Dave Cantor-Adams, Jeff Harms and Robbie Harriman.

Heightened Vigilance Advised

As you may be aware, CDK systems have recently been affected by a cyberattack. This is a “shields up” advisory to be on alert for any suspicious activity that may be related to the attack or activity deriving from attackers seeking to take advantage of the uncertainty.

To contain the situation, CDK has shut down some of its systems starting on the morning of June 19, which is impacting service. CDK customers should have received a notice, and may note a disruption during this time. If you are a CDK client, your primary concerns will likely include the protection of customer information in compliance with FTC Safeguards, as well as the continuity of service. CDK has set up an automated message line for updates on the situation: 1(855) 356-3270. 

It is recommended that users refrain from using CDK systems until CDK confirms services have been restored and are safe to use. Attackers may exploit this situation to conduct a “supply chain” attack, further spreading the impact of access they have gained within CDK’s systems. They might also target auto dealers who are desperate to restore operations, tempting them to bypass security measures or overlook suspicious activities. 

Be vigilant for phishing attempts, as attackers may pose as “CDK support.” Watch for red flags in emails, such as unusual requests, a sense of urgency, threats, suspicious attachments, and links. Verify any unexpected communication through secondary channels, such as calling a known CDK number or directly contacting your service representative. 

Utilize system monitoring tools to detect any anomalies and take action accordingly. Ensure your environment is properly updated with the latest security patches to protect against the exploitation of vulnerabilities. 

As far as next steps, we recommend confirming the details of the incident with CDK to understand how it might affect you as further details are made available. If you haven’t already, contact your service representative at CDK and look for any official bulletins released by CDK via email (be sure to verify the identity of any sender). We advise also monitoring incoming calls from anyone claiming to be a CDK representative, especially requests to share screens or other forms of remote network access.

Don’t hesitate to reach out to OCD Tech for assistance with any security concerns you may have: ftc@ocd-tech.com

Audit. Security. Assurance.

IT Audit | Cybersecurity | IT Assurance | IT Security Consultants – OCD Tech is a technology consulting firm serving the IT security and consulting needs of businesses in Boston (MA), Braintree (MA) and across New England. We primarily serve Fortune 500 companies including auto dealers, financial institutions, higher education, government contractors, and not-for-profit organizations with SOC 2 reporting, CMMC readiness, IT Security Audits, Penetration Testing and Vulnerability Assessments. We also provide dark web monitoring, DFARS compliance, and IT general controls review.

Contact Info

OCD Tech

25 BHOP, Suite 407, Braintree MA, 02184

844-623-8324

https://ocd-tech.com

Follow Us

Videos

Check Out the Latest Videos From OCD Tech!

Services

SOC Reporting Services
SOC 2 ® Readiness Assessment
SOC 2 ®
SOC 3 ®
SOC for Cybersecurity ®
IT Advisory Services
IT Vulnerability Assessment
Penetration Testing
Privileged Access Management
Social Engineering
WISP
General IT Controls Review
IT Government Compliance Services
CMMC
DFARS Compliance
FTC Safeguards vCISO

Industries

Financial Services
Government
Enterprise
Auto Dealerships

Blog
Category

Guard Against CDK-Related Security Risks

By  
Robbie Harriman
June 20, 2024
3
min read
Share this post

By Nick Reed, Dave Cantor-Adams, Jeff Harms and Robbie Harriman.

Heightened Vigilance Advised

As you may be aware, CDK systems have recently been affected by a cyberattack. This is a “shields up” advisory to be on alert for any suspicious activity that may be related to the attack or activity deriving from attackers seeking to take advantage of the uncertainty.

To contain the situation, CDK has shut down some of its systems starting on the morning of June 19, which is impacting service. CDK customers should have received a notice, and may note a disruption during this time. If you are a CDK client, your primary concerns will likely include the protection of customer information in compliance with FTC Safeguards, as well as the continuity of service. CDK has set up an automated message line for updates on the situation: 1(855) 356-3270. 

It is recommended that users refrain from using CDK systems until CDK confirms services have been restored and are safe to use. Attackers may exploit this situation to conduct a “supply chain” attack, further spreading the impact of access they have gained within CDK’s systems. They might also target auto dealers who are desperate to restore operations, tempting them to bypass security measures or overlook suspicious activities. 

Be vigilant for phishing attempts, as attackers may pose as “CDK support.” Watch for red flags in emails, such as unusual requests, a sense of urgency, threats, suspicious attachments, and links. Verify any unexpected communication through secondary channels, such as calling a known CDK number or directly contacting your service representative. 

Utilize system monitoring tools to detect any anomalies and take action accordingly. Ensure your environment is properly updated with the latest security patches to protect against the exploitation of vulnerabilities. 

As far as next steps, we recommend confirming the details of the incident with CDK to understand how it might affect you as further details are made available. If you haven’t already, contact your service representative at CDK and look for any official bulletins released by CDK via email (be sure to verify the identity of any sender). We advise also monitoring incoming calls from anyone claiming to be a CDK representative, especially requests to share screens or other forms of remote network access.

Don’t hesitate to reach out to OCD Tech for assistance with any security concerns you may have: ftc@ocd-tech.com

Share this post
Robbie Harriman

Similar articles

FTC Safeguards

FTC Safeguards Compliance for Auto Dealers

OCD Tech
March 26, 2025
9
min read
FTC Safeguards

Understanding FTC Safeguards and Why They Are Required

OCD Tech
August 1, 2024
6
min read
FTC Safeguards

FTC Safeguards Compliance: Why Defense in Depth is Key for Auto Dealers

Nick Reed
July 18, 2024
4
min read
FTC Safeguards

FTC Safeguards Rule

OCD Tech
June 13, 2024
5
min read
View all
Company
About UsBlog
About
Privacy policyCookies Settings
CONTACT US
25 Braintree Hill Office Park, Suite 407
Braintree MA, 02184info@ocd-tech.com844-623-8324
Copyright © 2025 OCD Tech