CDK Global
Company Details
Linkedin ID:
cdknorthamerica
Website:
Employees number:
8,041
Number of followers:
149,324
NAICS:
5112
Industry Type:
Homepage:
cdkglobal.com
IP Addresses:
0
Company ID:
CDK_2834552
Scan Status:
In-progress
CDK Global Company CyberSecurity Posture
cdkglobal.com
CDK Global is a leading provider of retail technology and software as a service (SaaS) solutions that help dealers and auto manufacturers run their businesses more efficiently, drive improved profitability and create frictionless purchasing and ownership experiences for consumers. Today, CDK serves nearly 15,000 retail locations in North America.
CDK Global A.I CyberSecurity Scoring
CDK Global Risk Score (AI oriented)Between 650 and 699
CDK Global
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CDK Global Global Score (TPRM)XXXX
CDK Global
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CDK Global Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
CDK Global, LLC
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On September 23, 2024, the Maine Attorney General's Office reported a data breach involving CDK Global, LLC. The breach, discovered on June 19, 2024, involved unauthorized access to their systems. The incident potentially affected 36 individuals, including one resident, with compromised information including names, addresses, and tax identification numbers. CDK has offered identity theft protection services for 24 months following the incident.
CDK
Ransomware
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: In 2024, automotive software firm CDK suffered a significant ransomware attack that affected thousands of car dealerships across the US and Canada. This cyber incident led to extensive financial repercussions for its customers as dealership operations were disrupted. The incident reflects the growing risk associated with third-party vendors and the substantial impact their security failings can have on client businesses.
CDK Global Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CDK Global
Incidents vs Software Development Industry Average (This Year)
No incidents recorded for CDK Global in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for CDK Global in 2025.
Incident Types CDK Global vs Software Development Industry Avg (This Year)
No incidents recorded for CDK Global in 2025.
Incident History — CDK Global (X = Date, Y = Severity)
CDK Global cyber incidents detection timeline including parent company and subsidiaries
CDK Global Company Subsidiaries
CDK Global is a leading provider of retail technology and software as a service (SaaS) solutions that help dealers and auto manufacturers run their businesses more efficiently, drive improved profitability and create frictionless purchasing and ownership experiences for consumers. Today, CDK serves nearly 15,000 retail locations in North America.
Loading...
CDK Global Similar Companies
Atlassian powers the collaboration that helps teams accomplish what would otherwise be impossible alone. From space missions and motor racing to bugs in code and IT requests, no task is too large or too small with the right team, the right tools, and the right practices. Over 300,000 global compa
Booking.com
A career at Booking.com is all about the journey, helping you explore new challenges in a place where you can be your best self. With plenty of exciting twists, turns and opportunities along the way. We’ve always been pioneers, on a mission to shape the future of travel through cutting edge techno
Epic
Join us in our mission to help the world get well, help the world stay well, and help future generations be healthier. We hire smart and motivated people from all academic majors to code, test, and implement healthcare software that hundreds of millions of patients and doctors rely on to improve ca
Upwork is the world’s work marketplace that connects businesses with independent talent from across the globe. We serve everyone from one-person startups to large, Fortune 100 enterprises with a powerful, trust-driven platform that enables companies and talent to work together in new ways that unloc
Thomson Reuters
Thomson Reuters is the world’s leading provider of news and information-based tools to professionals. Our worldwide network of journalists and specialist editors keep customers up to speed on global developments, with a particular focus on legal, regulatory and tax changes. Our customers operat
Daraz is the leading e-commerce marketplace across South Asia (excluding India). Our business covers four key areas – e-commerce, logistics, payment infrastructure and financial services – providing our sellers and customers with an end-to-end commerce solution. With access to over 500 million custo
PhonePe Group is India’s leading fintech company, proudly recognized as India’s #1 Trusted Digital Payments* Brand for three consecutive years. Our flagship product, the PhonePe app was launched in August 2016, has rapidly become the preferred consumer payments app in India. In just eight years, Pho
HubSpot
HubSpot is a leading CRM platform that provides software and support to help businesses grow better. Our platform includes marketing, sales, service, and website management products that start free and scale to meet our customers’ needs at any stage of growth. Today, thousands of customers around th
The Bosch Group is a leading global supplier of technology and services. It employs roughly 417,900 associates worldwide (as of December 31, 2024). According to preliminary figures, the company generated sales of 90.5 billion euros in 2024. Its operations are divided into four business sectors: Mobi
.png)
CDK Global CyberSecurity News
November 17, 2025 04:53 PM
Cybersecurity at the Dealership in 2025: Closing the Confidence Gap in a High-Risk Landscape
As cyberthreats continue to evolve, car dealerships remain vulnerable despite growing awareness and investment. Learn key insights from...
October 15, 2025 07:00 AM
Dealer software firms boost cyber defenses after CDK hack shakes industry
About 1200 Canadian dealerships were affected by the CDK cyberattack.
June 26, 2025 07:00 AM
In our opinion: A year after CDK cyberattacks, some dealers haven’t learned their lesson
It's been one year since cybersecurity attacks on CDK Global crippled retailers, but some dealers still aren't putting enough effort into...
June 19, 2025 07:00 AM
CDK Global cyberattacks: Lessons learned 1 year later
CEO Brian MacDonald said CDK is stronger after the June 2024 ransomware attacks: “We are making sustained investments to work to stay ahead...
June 19, 2025 07:00 AM
CDK lawsuits merged into 2 cases for nondealer businesses, dealer customers and employees
The June 2024 CDK Global ransomware attack touched off a flurry of federal litigation by dealerships, customers, employees and other...
May 28, 2025 07:00 AM
Watch out for these third-party cybersecurity weak spots - Buffalo Business First
Thousands of car dealerships across the country were paralyzed last year when a ransomware attack took down CDK Global, the company that...
May 15, 2025 07:00 AM
4 crucial lessons learned from the CDK cyber attack
Let us take a look at the four important lessons learnt from the ransomware attack on the third-party service provider, CDK Global LLC.
March 08, 2025 05:02 AM
Hackers are Increasingly Targeting Auto Dealers
In late June, more than 15,000 car dealerships across North America were affected by a cyberattack on CDK Global, which provides software to car dealers.
February 03, 2025 08:00 AM
Ransomware hits the educator sector: lessons learned for schools and risk professionals
A cybersecurity incident involving a key vendor to primary schools is a reminder of the growing cyber risks schools and other organizations can face.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CDK Global CyberSecurity History Information
Official Website of CDK Global
The official website of CDK Global is http://www.cdkglobal.com/.
CDK Global’s AI-Generated Cybersecurity Score
According to Rankiteo, CDK Global’s AI-generated cybersecurity score is 657, reflecting their Weak security posture.
How many security badges does CDK Global’ have ?
According to Rankiteo, CDK Global currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does CDK Global have SOC 2 Type 1 certification ?
According to Rankiteo, CDK Global is not certified under SOC 2 Type 1.
Does CDK Global have SOC 2 Type 2 certification ?
According to Rankiteo, CDK Global does not hold a SOC 2 Type 2 certification.
Does CDK Global comply with GDPR ?
According to Rankiteo, CDK Global is not listed as GDPR compliant.
Does CDK Global have PCI DSS certification ?
According to Rankiteo, CDK Global does not currently maintain PCI DSS compliance.
Does CDK Global comply with HIPAA ?
According to Rankiteo, CDK Global is not compliant with HIPAA regulations.
Does CDK Global have ISO 27001 certification ?
According to Rankiteo,CDK Global is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CDK Global
CDK Global operates primarily in the Software Development industry.
Number of Employees at CDK Global
CDK Global employs approximately 8,041 people worldwide.
Subsidiaries Owned by CDK Global
CDK Global presently has no subsidiaries across any sectors.
CDK Global’s LinkedIn Followers
CDK Global’s official LinkedIn profile has approximately 149,324 followers.
NAICS Classification of CDK Global
CDK Global is classified under the NAICS code 5112, which corresponds to Software Publishers.
CDK Global’s Presence on Crunchbase
No, CDK Global does not have a profile on Crunchbase.
CDK Global’s Presence on LinkedIn
Yes, CDK Global maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cdknorthamerica.
Cybersecurity Incidents Involving CDK Global
As of November 28, 2025, Rankiteo reports that CDK Global has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
CDK Global has an estimated 26,673 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at CDK Global ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on CDK
Description: In 2024, automotive software firm CDK suffered a significant ransomware attack that affected thousands of car dealerships across the US and Canada. This cyber incident led to extensive financial repercussions for its customers as dealership operations were disrupted. The incident reflects the growing risk associated with third-party vendors and the substantial impact their security failings can have on client businesses.
Type: Ransomware Attack
Title: CDK Global Data Breach
Description: Unauthorized access to CDK Global systems potentially affecting 36 individuals, including one resident, with compromised information including names, addresses, and tax identification numbers.
Date Detected: 2024-06-19
Date Publicly Disclosed: 2024-09-23
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware Attack CDK408030225
Systems Affected: Car dealership operations
Operational Impact: Disruption of dealership operations
Incident : Data Breach CDK047072825
Data Compromised: Names, Addresses, Tax identification numbers
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Tax Identification Numbers and .
Which entities were affected by each incident ?
Incident : Ransomware Attack CDK408030225
Entity Name: CDK
Entity Type: Automotive Software Firm
Industry: Automotive
Location: USCanada
Customers Affected: Thousands of car dealerships
Incident : Data Breach CDK047072825
Entity Name: CDK Global, LLC
Entity Type: Company
Customers Affected: 36
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CDK047072825
Type of Data Compromised: Names, Addresses, Tax identification numbers
Number of Records Exposed: 36
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Attorney General's OfficeDate Accessed: 2024-09-23.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-06-19.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-09-23.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, addresses, tax identification numbers and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were addresses, tax identification numbers and names.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 36.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Maine Attorney General's Office.
.png)
Latest Global CVEs (Not Company-Specific)
Description
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Risk Information
cvss4
Base: 6.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Description
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cdknorthamerica' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
