The CDK Global data breach data breach is just the latest incidence of consumer data being compromised. These kinds of data breaches are unfortunate, but they could happen to any company, which is why any business that collects consumer data should have a plan for what to do after a data breach. Car dealerships and other merchants of considered purchases are no exception.
Even if you do everything in your power to keep customer data safe, breaches can happen. Data breach remediation is a lot like an evacuation plan. It works best when you’ve thought carefully about what could go wrong.
What is a Data Breach?
A data breach is any event that results in private personal information (ppi) being taken without permission from the system owner. Cybersecurity data breaches happen when bad actors access information they do not have permission to see or use or when they limit access by those who do have permission to use the data.
For example, a ransomware attack like the one leveraged against CDK Global - a car dealer software developer - on June 18, steals and holds data until the system owner pays a ransom. According to NNC Group’s annual cyber threat monitor report, ransomware attacks increased 84% between 2022 and 2023.
Data security breaches may also be caused by:
- Malware - software designed to disrupt computer systems or steal information
- Phishing - email, text, or other messages designed to fraudulently gain data or passwords
- Denial of service attacks - malicious shutdown of a system or network
- Password guessing
All of these types of cybersecurity attacks can allow bad actors to gain access to data, or prevent authorized users from accessing their data.
Are Companies Liable for Data Breaches?
Certain businesses, including some car dealerships, may be subject to the FTC Safeguards rule. This regulation requires covered institutions to have information security programs to protect customer information. Failure to enact such safeguards can result in fines and other penalties.
When data breaches happen, consumers often blame the company responsible for holding the data. In the case of CDK Global a proposed class action lawsuit has been filed. The lawsuit alleges that CDK Global did not do enough to protect the data of car dealerships and their customers.
Unfortunately, even with the best laid plans, it may not be possible to completely avoid all data breaches. What matters is that you have reasonable safeguards in place, and respond appropriately when a breach does occur.
Data Breach Remediation: First Steps
The actions you take immediately after a data breach can limit the impact and help maintain customer trust. Acting swiftly and decisively can also help you avoid potential lawsuits and penalties. You should have an incident response plan — both to fulfill the FTC Safeguards rule requirements and to guide your response after an incident.
1. Notify the Incident Response Team
Document the date, time and any information you have about the scope or source of the breach. Share this information with the incident response team.
2. Close the Breach
Take affected equipment offline to avoid additional losses. Do not shut off equipment until the incident response team instructs you to do so. In some cases, restarting a breached piece of equipment can cause additional losses. Change credentials and passwords.
3. Assess the Scope of the Damage
Inspect your systems to understand the scope of the damage. Which data was lost or compromised? Which areas of the business were affected?
4. Notify Affected Customers and Key Governing Bodies
Tell customers about the breach as soon as you have all of the information. Let them know which information is or may have been compromised. Outline how you are handling the situation and what you will do to prevent future breaches.
5. Apply Lessons Learned
Your organization can learn from a data breach. Evaluate and assess the situations to understand why the breach occurred and how to prevent future issues.
The Right Partners Can Help Safeguard Data
Make sure every vendor you work with holds high privacy and data security standards. Launch Labs takes privacy and information security seriously. We strictly and conservatively apply privacy and data security guidelines to protect our clients and their customers.
We’ve stepped in to help support dealers affected by the CDK data breach, providing their data directly from Ignite until access to their other systems is restored.
Learn more about how Ignite by Launch Labs helps you collect and use customer data, while respecting privacy and cybersecurity concerns, schedule your free demo today.
Out of this world marketing insights. Subscribe now.
Join our cosmic crew for stellar insights, exclusive offers, and a dash of interstellar humor. Your inbox is about to get an intergalactic upgrade.
What You Can Do To Regain Trust After a Data Breach
The CDK Global data breach data breach is just the latest incidence of consumer data being compromised. These kinds of data breaches are unfortunate, but they could happen to any company, which is why any business that collects consumer data should have a plan for what to do after a data breach. Car dealerships and other merchants of considered purchases are no exception.
Even if you do everything in your power to keep customer data safe, breaches can happen. Data breach remediation is a lot like an evacuation plan. It works best when you’ve thought carefully about what could go wrong.
What is a Data Breach?
A data breach is any event that results in private personal information (ppi) being taken without permission from the system owner. Cybersecurity data breaches happen when bad actors access information they do not have permission to see or use or when they limit access by those who do have permission to use the data.
For example, a ransomware attack like the one leveraged against CDK Global - a car dealer software developer - on June 18, steals and holds data until the system owner pays a ransom. According to NNC Group’s annual cyber threat monitor report, ransomware attacks increased 84% between 2022 and 2023.
Data security breaches may also be caused by:
- Malware - software designed to disrupt computer systems or steal information
- Phishing - email, text, or other messages designed to fraudulently gain data or passwords
- Denial of service attacks - malicious shutdown of a system or network
- Password guessing
All of these types of cybersecurity attacks can allow bad actors to gain access to data, or prevent authorized users from accessing their data.
Are Companies Liable for Data Breaches?
Certain businesses, including some car dealerships, may be subject to the FTC Safeguards rule. This regulation requires covered institutions to have information security programs to protect customer information. Failure to enact such safeguards can result in fines and other penalties.
When data breaches happen, consumers often blame the company responsible for holding the data. In the case of CDK Global a proposed class action lawsuit has been filed. The lawsuit alleges that CDK Global did not do enough to protect the data of car dealerships and their customers.
Unfortunately, even with the best laid plans, it may not be possible to completely avoid all data breaches. What matters is that you have reasonable safeguards in place, and respond appropriately when a breach does occur.
Data Breach Remediation: First Steps
The actions you take immediately after a data breach can limit the impact and help maintain customer trust. Acting swiftly and decisively can also help you avoid potential lawsuits and penalties. You should have an incident response plan — both to fulfill the FTC Safeguards rule requirements and to guide your response after an incident.
1. Notify the Incident Response Team
Document the date, time and any information you have about the scope or source of the breach. Share this information with the incident response team.
2. Close the Breach
Take affected equipment offline to avoid additional losses. Do not shut off equipment until the incident response team instructs you to do so. In some cases, restarting a breached piece of equipment can cause additional losses. Change credentials and passwords.
3. Assess the Scope of the Damage
Inspect your systems to understand the scope of the damage. Which data was lost or compromised? Which areas of the business were affected?
4. Notify Affected Customers and Key Governing Bodies
Tell customers about the breach as soon as you have all of the information. Let them know which information is or may have been compromised. Outline how you are handling the situation and what you will do to prevent future breaches.
5. Apply Lessons Learned
Your organization can learn from a data breach. Evaluate and assess the situations to understand why the breach occurred and how to prevent future issues.
The Right Partners Can Help Safeguard Data
Make sure every vendor you work with holds high privacy and data security standards. Launch Labs takes privacy and information security seriously. We strictly and conservatively apply privacy and data security guidelines to protect our clients and their customers.
We’ve stepped in to help support dealers affected by the CDK data breach, providing their data directly from Ignite until access to their other systems is restored.
Learn more about how Ignite by Launch Labs helps you collect and use customer data, while respecting privacy and cybersecurity concerns, schedule your free demo today.