CDK Global Did Not Protect User Data During Ransomware Attack: Class Action
CDK Global, a software provider for North American car dealerships, failed to take the necessary steps to protect Coby Hester’s and class members’ personally identifiable information (PII), Hester's negligence class action alleged Thursday (docket 1:24-cv-05377) in U.S. District Court for Northern Illinois. CDK was hired to protect PII and is responsible for the software behind most major car dealerships in North America, the complaint said, citing a June 20 article in Enterprise Management 360 about a June 18 ransomware attack at CDK that reportedly reached 15,000 car dealerships. CDK acknowledged the breach on June 19 when it told car dealers it was investigating a “cyber incident.” The company “shut down most" systems and was “diligently trying to get everything up and running as quickly as possible,” the article said. CDK experienced a second cyber incident on June 19 and told dealers it was “again proactively shutting down most of our systems.” An employee of Northwest Dodge, Hester provided CDK with his PII, including name, address, Social Security number, driver’s license, and financial details, the complaint alleged. The Houston plaintiff is careful about sharing his PII and storing documents containing his PII in a safe, secure location, it added. Hester asserts claims of negligence and negligence per se, breach of third-party beneficiary contract and fiduciary duty and unjust enrichment.