Trade Law Daily is a Warren News publication.

CDK Global Did Not Protect User Data During Ransomware Attack: Class Action

CDK Global, a software provider for North American car dealerships, failed to take the necessary steps to protect Coby Hester’s and class members’ personally identifiable information (PII), Hester's negligence class action alleged Thursday (docket 1:24-cv-05377) in U.S. District Court for…

Sign up for a free preview to unlock the rest of this article

Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.

Northern Illinois. CDK was hired to protect PII and is responsible for the software behind most major car dealerships in North America, the complaint said, citing a June 20 article in Enterprise Management 360 about a June 18 ransomware attack at CDK that reportedly reached 15,000 car dealerships. CDK acknowledged the breach on June 19 when it told car dealers it was investigating a “cyber incident.” The company “shut down most" systems and was “diligently trying to get everything up and running as quickly as possible,” the article said. CDK experienced a second cyber incident on June 19 and told dealers it was “again proactively shutting down most of our systems.” An employee of Northwest Dodge, Hester provided CDK with his PII, including name, address, Social Security number, driver’s license, and financial details, the complaint alleged. The Houston plaintiff is careful about sharing his PII and storing documents containing his PII in a safe, secure location, it added. Hester asserts claims of negligence and negligence per se, breach of third-party beneficiary contract and fiduciary duty and unjust enrichment.