The CDK Global Breach Shut Down 15,000 Dealerships. The FTC Safeguards Rule Makes Compliance Mandatory. IT Center provides flat-rate managed IT built for the unique risks of auto retail — from DMS hardening to F&I data encryption. Serving Southern California since 2012.
In June 2024, a ransomware attack on CDK Global — the dominant DMS provider for U.S. auto dealers — became the largest-known cyberattack on the automotive retail sector. The damage exposed a fundamental truth: single-vendor dependency without layered security creates catastrophic operational risk.
Over 15,000 dealerships across the United States lost access to their DMS, CRM, financing portals, and service scheduling systems simultaneously. Sales ground to a halt. Service departments reverted to paper. The cascading effect reached OEM inventory pipelines, lender integrations, and title processing.
Industry analysts estimated total losses exceeding $1.02 billion across the dealer network — lost vehicle sales, stranded service revenue, emergency labor costs, and IT remediation. CDK Global reportedly paid approximately $25 million in ransom to the BlackSuit ransomware group, yet the outage persisted for weeks after payment.
The breach demonstrated that relying on a single cloud DMS provider without local resilience, offline backup, or network segmentation puts dealerships at the mercy of their vendor’s security posture. A breach in your vendor’s environment becomes your operational crisis — regardless of your own security practices.
The FTC Safeguards Rule, mandatory for auto dealers since June 2023, provides the compliance framework to reduce exactly this kind of risk at the dealership level. Dealers who had implemented Safeguards requirements — network segmentation, MFA, incident response plans, backup systems — recovered faster and suffered less damage during the CDK outage.
The FTC Safeguards Rule (16 CFR Part 314), effective June 9, 2023, classifies auto dealers as “financial institutions” under the Gramm-Leach-Bliley Act (GLBA). This is not optional. Non-compliance exposes your dealership to FTC enforcement, state attorney general action, and civil liability in the event of a breach.
Effective June 9, 2023 — compliance is not optional. The FTC can pursue civil penalties and enforcement actions. Class action litigation from affected customers following a breach is a growing risk. Dealerships of all sizes — independent used car lots to large franchise groups — are covered. IT Center builds and manages complete FTC Safeguards compliance programs so your dealership is protected and audit-ready.
IT Center has hands-on experience with all major Dealer Management Systems used by Southern California dealerships. We implement post-breach hardening, network segmentation, and backup strategies tailored to each platform’s architecture.
Every service below is included in IT Center’s flat-rate $300/computer user/month model. No per-incident billing. No surprise invoices. Your dealership gets enterprise-grade IT management purpose-built for the compliance and operational demands of auto retail.
We write and maintain your Written Information Security Plan from scratch — fully compliant with FTC Safeguards Rule requirements, tailored to your dealership’s operations, and updated annually.
Ongoing management and security hardening of your dealer management system environment — servers, workstations, integrations, and network connectivity. CDK post-breach hardening protocols included.
End-to-end encryption for all Finance & Insurance office systems, including at-rest encryption of DMS customer records and in-transit protection for lender transmissions and credit applications.
Comprehensive protection for Social Security numbers, income verification data, credit applications, and all nonpublic personal information under both FTC Safeguards and California CCPA requirements.
MFA rollout across all dealership systems — DMS, CRM, email, remote access, and OEM portals. We manage enrollment, exceptions, and enforcement policies to meet Safeguards requirements.
Logical and physical network separation between service, sales floor, F&I office, and administrative systems. Prevents lateral movement during a breach from spreading across the entire dealership network.
Mobile device management for service loaner vehicles with connected technology — asset tracking, remote wipe capability, and ensuring loaner devices do not expose customer data or dealership networks.
Documented, role-based security training for all dealership staff — sales, finance, service, and admin. Satisfies FTC Safeguards employee training requirement with trackable completion records.
Dealership-specific backup architecture including DMS data backups, offline copies, and tested recovery procedures — so a vendor outage like the CDK June 2024 incident does not leave you without operational data.
Written, tested incident response plan covering breach detection, containment, notification (including FTC reporting thresholds), and recovery. Annual tabletop exercises available to keep your team ready.
Around-the-clock monitoring of all dealership endpoints, servers, and network traffic. Threat detection, alerting, and automated response — protecting operations at every hour, including nights, weekends, and holiday sales events.
IT Center can serve as your designated Qualified Individual under the FTC Safeguards Rule — fulfilling the oversight requirement, producing the annual report to ownership or the board, and maintaining your complete compliance program on an ongoing basis.
The Finance & Insurance office processes more sensitive personal data than any other department in your dealership. Every credit application, every SSN, every income document — the F&I desk is a target. IT Center’s protection strategy treats the F&I office as a security zone within your dealership network.
Auto dealers collect the most comprehensive financial profiles of any retail business. A single F&I transaction captures full name, address, date of birth, Social Security number, income information, employment history, and credit account details — everything an identity thief needs in a single record.
The Red Flags Rule (16 CFR Part 681), enforced by the FTC, requires auto dealers to implement an Identity Theft Prevention Program (ITPP) — a written program to detect, prevent, and mitigate identity theft in connection with covered accounts.
The Finance & Insurance office triggers obligations under multiple federal and state frameworks simultaneously. IT Center’s F&I data protection program addresses every layer.
IT Center implements network isolation for F&I workstations, endpoint encryption, access controls limiting who can view or print customer financial data, DLP (data loss prevention) policies, and audit logging for every access event — providing a defensible compliance record in the event of FTC inquiry or customer litigation.
Questions IT Center hears from dealership owners, general managers, and office managers before they become clients.
IT Center reviews your current IT infrastructure, DMS environment, and FTC Safeguards compliance status at no cost. You receive a written findings report with specific remediation steps — whether or not you become a client. We have served businesses in Southern California since 2012.
Flat-rate pricing means you know your IT costs before you sign. No per-ticket fees. No surprise invoices. $300 per computer user per month covers everything — help desk, monitoring, DMS support, compliance documentation, and your Qualified Individual service.
Call directly: (888) 221-0098 ·
Email: [email protected]
1159 Pomona Rd Suite B · Corona, CA 92882
Complete the form and we will respond within one business day.