Unbeknownst to the general public, auto dealerships could easily rank among the most appealing targets for cybercriminals, as these businesses are often responsible for a mix of financial, identity and vehicle-related information. In recent years, several cases have underscored just how vulnerable the automotive retail vertical can be. The Jetobra Inc. data breach, with its impact on customers across its dealership family, is one of the latest indications of rising risk. Each situation has its distinctions, but a pattern has become increasingly evident: attackers are clearly demonstrating a growing interest in industries that hold high-value personally identifiable information (PII) while relying on outdated digital environments.
This is partially a byproduct of a fragmented dealership technology environment. Many auto groups continue to rely on dealer-management systems inherited from prior decades, IT environments carried over from earlier ones, and software that was never designed to resist modern cyberthreats. As a result, these systems lack segmentation, do not undergo regular patching, and have no strict access controls in place to impede attackers. The Jetobra case is but one example of how a single weak point in an outdated system can expose volumes of consumer information.
An Abundant Matrix of Sensitive Consumer Data
Dealerships collect far more personal information than the vast majority of retail businesses. When completing a car purchase, finance agreement, or a service contract, customers provide extensive information, such as:
- Full names and contact information
- Driver's license information
- Social Security numbers
- Insurance information
- Employment and income information
- Bank or finance account information
This makes dealerships attractive targets for cybercriminals, who are handsomely rewarded for data that can be used for identity theft, fake identity creation, tax fraud, and unauthorized financial transactions. Because the automotive sales process requires a degree of trust, customers do not usually realize how much information is retained, or for how long.
Legacy Dealer-Management Systems: A Structural Vulnerability
A large number of dealership networks continue to use legacy DMS platforms that were never built for today’s cybersecurity environment. These systems frequently struggle with:
- Old encryption standards
- Weak or inconsistent access controls
- Limited audit logging and monitoring
- Slow patch cycles
- Integration with more modern security products
Given the cost and disruption associated with replacing these systems, dealerships have incentives to procrastinate. Cybercriminals tend to be well aware of which systems lag behind current security standards, and legacy DMS environments continue to draw these attacks.
Greater Connectivity Creates More Entry Points
Most dealerships have a digital ecosystem that integrates broadly with third-party services, including banks, insurers, CRM platforms, manufacturers, parts suppliers, marketing vendors, and payment processors. Each integration increases risk exposure, and a single misconfiguration or compromise of vendor credentials may provide access to more critical systems.
This integration is a key reason why attackers see dealerships as low-friction, high-reward targets. Threat actors routinely gain entry through supplier access, unsecured APIs, and uncoordinated administrative accounts.
Large, Distributed Workforces Increase Credential Risks
Dealerships may employ dozens or hundreds of employees or contractors in functional areas like sales, service, finance, reception, and management. Work is often fast-paced, and employees may operate with more access to systems than necessary. Common risks include:
- Shared or generic logins
- Weak passwords or password re-use
- Limited use of multi-factor authentication
- Employees falling prey to phishing attempts
Criminals often begin the attack cycle by obtaining credentials or via social engineering, especially in environments where robust identity-security controls have not been fully implemented.
Operational Pressure Raises the Value of Ransomware
Dealerships rely on real-time digital operations. When systems go down, they can take sales, financing, service scheduling, repair orders, and access to inventory down with them. The time pressure of day-to-day operations makes dealerships prime targets for ransomware attacks, as criminals count on the victim reacting quickly to restore operations.
In industries where downtime directly impedes revenue and compromises customers' trust, it is widely understood that this leverage lets criminals operate with a high degree of confidence.
Limited Staffing in Cybersecurity Functions and Governance
Dealerships are making significant investments in sales and service infrastructure, while cyber staffing receives only a fraction of that investment. Many groups have two to three people in their IT teams, and those same teams are often also tasked with handling software problems, network outages, and even compliance needs. Being resource-limited inherently limits:
- Continuous monitoring
- Proactive threat detection
- Regular risk assessments
- Timely patch management
- Effective incident response planning
Cybercriminals know about these limitations, which has made the automotive retail sector a regular target for opportunistic and organized criminals alike.
Bolstering Cyber Resilience Across the Dealership Sector
Dealerships are steadily adopting stronger security frameworks to address these attacks, including:
- Migrating to a modern DMS platform
- Enabling MFA for all accounts
- Ensuring proper encryption for all data at rest and in transit
- Network segmentation
- Normalizing phishing and cyber training programs
- Creating stronger oversight of vendor management
- Establishing an incident response plan
While no single measure eliminates risk, a layered approach significantly reduces vulnerability and improves resilience.
