Dealerships Vulnerable to Hack Attacks

by Jim Leman, Dec. 31, 2014 - Wards Dealer Business

Malware can steal customer social security numbers from finance and insurance department computers.

With malware known as Keylogger placed into a finance and insurance computer by a hacker, a cyberthief may capture every social security number you type in.

The malicious invader transmits to the thief every 3-digit, 2-digit, 4-digit keystroke pattern for SSNs.

Computer-security experts say most dealership networks lack even some of the most basic security protection to prevent such theft. Off-the-shelf antivirus and anti-malware software, while helpful, don’t adequately protect against today’s aggressively creative cybercriminals.

“Without a network protected against hackers, dealers simply give away critical and potentially damaging information from their stores,” said Tony Petcou, a channel manager with Nuspire Networks, a security services provider based in Michigan.

Hacking damage can range from loss of critical business and customer data to loss of business and customer loyalty.

Besides hackers inserting dangerous malware like Keylogger they can also insert into the network a ransom Trojan called CryptoLocker. This malware locks up servers and shuts down the business. Removing it can take days or more.

Many dealerships are attractive targets for cybercriminals, Petcou says. One reason is the victim’s overall dismissal of the threat.

“About 80% of dealerships lack sophisticated network protection because they lack the expertise, resources and often the desire to do anything about it,” he says.

“Too frequently they falsely believe they’re too small of a target for hackers. A business like Target may be a big fish, but a hacker can scoop vast numbers of critical personal and financial data from hundreds of auto dealerships more easily and more quickly.”  

He adds that 40% of dealerships’ computers use the Windows XP operating system, a system that leaves these computers vulnerable to hacking.

A PricewaterhouseCoopers Cybercrime Security survey notes, “The coming year could bring a new wave of (security) strikes on industries that have not migrated critical systems from Windows XP…”

Nearly 30% of survey respondents consider insider cybercrime as an issue.

Increase use of mobile devices in F&I can infect dealership networks if allowed to be taken off site and connected to home or public Wi-Fi hotspots. “This is a huge, huge risk,” Petcou says.

As a precaution, dealership Wi-Fi networks should be segmented into in-store hotspots from the main network to thwart such cross infection, he says.

He also advises dealers to:

  • Understand their business and the regulations that apply, in particular the Gramm-Leach-Bliley Act. The Federal Trade Commission requires dealers to comply with its Safeguards Rule to protect customer personal information.
  • Understand security risks. Consider having a network assessment done to probe for weaknesses so you can remediate.
  •  Educate employees not to share passwords or other confidential system information with anyone. Monitor employee computer use.

Jim Leman writes about automotive retail operations from Grayslake, IL. Reach him at

Views: 142


You need to be a member of to add comments!


Comment by Tom Gorham on January 6, 2015 at 12:12pm

Always great to read your articles Jim.  This one is very important.  Nice to see the reference to Nuspire since we use them for security.

Comment by Michael Baker on January 5, 2015 at 7:50pm

10-4 Don. Most will not 'act' until a few dealers get 'hit', unfortunately.

Comment by DON GRAFF on January 5, 2015 at 5:38pm

Hi Jim, you interviewed me way back in 2005.I found your article to be very timely. From my experience most dealerships do not recognize the vulnerability.


DealerELITE created this Ning Network.

Latest Activity

Profile Icon via Twitter
RT @SteveStauning: Checking out "Real Social Selling" on @dealerELITE:
Twitter6 hours ago · Reply · Retweet
Jeff Cowan posted a blog post

Write Service Podcast: Episode 45- The Holes in Your Process

This week, Jeff continues the discussion on having a true process on your service drive. Some of…See More
7 hours ago
Todd Smith posted a blog post
9 hours ago
Black Book posted a blog post


Vehicle Values With Historical Performance Can Greatly Increase Accuracy in Claims…See More
9 hours ago
Holly Markel posted a video

3 Keys to Developing Employees on the Phone (Part 2)

CallRevu Vice President of Customer Experience Holly Markel shares the first of three keys to developing your staff to handle the phones properly in part 2 o...
9 hours ago
Profile Icon via Twitter
Checking out "Real Social Selling" on @dealerELITE:
Twitter9 hours ago · Reply · Retweet
Steve Stauning's video was featured

Real Social Selling

If your salespeople aren't driving their own Up Bus, they're not doing everything they can to sell 20, 30 or even 40 units a month. Send them a link to this 49-minute lesson where they'll learn all they need to start generating real referrals from…
9 hours ago
John Sternal posted a blog post

August Auto Lease Prices Increase By Up To 54% On Several Vehicles

Several Brands Increase Lease Prices by up to 54% on Vehicles of All Sizes as New Model-Year Units…See More
9 hours ago
Profile Icon via Twitter
Dealer Elite Daily News is out! #automotivesales #carsales
Twitter9 hours ago · Reply · Retweet
Steve Stauning posted a video

How To Sell Cars on Facebook: Real Social Selling

Originally recorded live as part of the Undeniable Advantage Live Video Webcast Series. Social Selling is real and it's happening today! Right now, dynamic, ...
9 hours ago
Thomas F. Jung posted a blog post
10 hours ago
Simon Hopes posted a blog post

Best Run about Boats For Family

If you are searching for a boat that is great for the whole family but it is also quite satisfying…See More
10 hours ago
Profile Icon via Twitter
RT @Automotive_News: AutoNation's CEO says the industry is 'freaking out' about Trump's tariffs
Twitter21 hours ago · Reply · Retweet
Profile Icon via Twitter
RT @Automotive_News: Automakers offer financial assistance to victims of Hurricane Florence
Twitter21 hours ago · Reply · Retweet
Profile Icon via Twitter
RT @dealerrefresh: Are OEM's forcing you to put codes in your website? -
Twitter21 hours ago · Reply · Retweet
Profile Icon via Twitter
RT @SteveStauning: The Dreaded “Just Looking” – How to Overcome Objections on the Lot #automotivesales #carsales #…
Twitter21 hours ago · Reply · Retweet

de sponsor

Get Newsletter

dE Sponsor

© 2018   Created by DealerELITE.   Powered by

Badges  |  Report an Issue  |  Terms of Service