The plaintiffs, who are employees or customers of car dealerships that use CDK tools, allege CDK did not adequately protect customer data and that the personal information of tens of thousands of people was likely exposed in the hack.
Tucson, Arizona-resident Omar Aviles, an employee of Asbury Automotive Group, one of CDK Global's roughly 15,000 clients, has filed a proposed class-action suit against the Illinois-based company, alleging it failed to protect the "litany of highly sensitive personal identifiable information" it had stored about former and current auto dealership clients and their customers and employees.
The trove of data was exposed due to CDK's "insufficiently protected computer systems," according to the complaint, filed in district court in Illinois.
On its website, CDK touts its cybersecurity capabilities, promising to "stop cyberattacks in their tracks."
"CDK Cybersecurity Solutions provide a three-tiered cybersecurity strategy to prevent, protect and respond to cyberattacks so you can defend your dealership," the website states.
Social Security numbers exposed
The suit, by contrast, claims that CDK "had no effective means to prevent, detect, stop or mitigate breaches of its systems — thereby allowing cybercriminals unrestricted access to its current and former clients'" personal data. That data includes Social Security numbers, employment history, driver's license info, financial account details and more.
The security failure stems from CDK's inadequate training of its own employees on on cybersecurity, the lawsuit claims. As a result, Aviles "fears for his personal financial security and worries about what information was exposed in the data breach" and is suffering from "anxiety, sleep disruption, stress, fear and frustration."
The collection of suits are seeking damages, as well as for CDK to better protect customer information.
"It's a disaster"
A second lawsuit from a group of dealers including Formula Sports Cars, Prestige Motor Car Imports, Bill Holt Chevrolet of Canton, Bill Holt Chevrolet of Blue Ridge and a pair of consumers, also claims CDK was negligent in protecting its clients. "CDK has failed to uphold its promises and responsibilities that it made throughout the course of its marketing campaigns making users feel at ease," the suit states in part.
"It's a disaster," said one affected dealer quoted in the lawsuit, in describing the toll of the breach on his business. "Customers are coming in, we're selling cars, but we can't book the deals , can't finance the deals or get them to the banks. Which means we cannot fund the cars or pay off the cars," he said.
Like stitching up a wound without cleaning it
After CDK was first breached, it restored its systems, only to be hacked a second time. In their suit, the dealers compare CDK's decision to restore systems without resolving underlying security issues to "a doctor stitching up a wound without first removing all the debris."
"Just as a wound not properly cleaned would lead to more infections and prolonged healing, CDK's rush to restore its system led to more breaches and, in turn, left car dealerships exposed to financial losses for longer periods of time," the lawsuit states.
CDK has not indicated if it will compensate affected dealerships for any financial losses or potential exposure to identity theft as a result of the cyberattack. A spokesperson for the company did not immediately respond to CBS MoneyWatch's request for comment on the lawsuits.
Get updates delivered to you daily. Free and customizable.
Welcome to NewsBreak, an open platform where diverse perspectives converge. Most of our content comes from established publications and journalists, as well as from our extensive network of tens of thousands of creators who contribute to our platform. We empower individuals to share insightful viewpoints through short posts and comments. It’s essential to note our commitment to transparency: our Terms of Use acknowledge that our services may not always be error-free, and our Community Standards emphasize our discretion in enforcing policies. We strive to foster a dynamic environment for free expression and robust discourse through safety guardrails of human and AI moderation. Join us in shaping the news narrative together.
Comments / 0