Is this the beginning of the end for Shift Digital?

[Ryan Montville]

Has anyone seen this? What happens next? But more importantly, does the dealer have any power when it comes to Shift Digital's involvement in operations? I, for one, would welcome a very ugly divorce with Shift Digital at all my stores that participate.

"A memo to Volkswagen Group of America dealers obtained by Automotive News identified a vendor involved in a data breach impacting more than 3.3 million customers and prospective buyers, primarily at Audi.

In the email sent Thursday, Audi of America President Daniel Weissland identified the vendor as Shift Digital, which is “used by Audi, Volkswagen, and some authorized dealers in the United States and Canada.” Two dealers with knowledge of the situation verified the vendor’s identity with Automotive News."

Vendor linked to VW data breach named in memo to dealers

Audi of America President Daniel Weissland identified the vendor in an email to dealers as Shift Digital, which is “used by Audi, Volkswagen, and some authorized dealers in the United States and Canada.”

www.autonews.com

 

[Alex Snyder]

Word is Audi isn't the only one affected.

 

[Auto_NC]

Word is Audi isn't the only one affected.

I was going to say, they run that program for multiple OEMs, depending on where the breach was, have to imagine odds of this being a larger impact being fairly large.

 

[Ryan Everson]

does the dealer have any power when it comes to Shift Digital's involvement in operations? I, for one, would welcome a very ugly divorce with Shift Digital at all my stores that participate.

I've personally been more impressed with Shift lately (and it's not just because my beautiful wife worked at their Birmingham office).

My biggest gripe with them previously was the Shift negotiated rate was significantly more expensive than our dealer group's negotiated rate. Shift has been matching our dealer group's negotiated rate in a lot of OEM programs lately.

In regards to the data breach, that could happen to anyone. Not to go off on a tangent, but dealers should use Colonial pipeline hacking as a wake-up call to evaluate their cyber security.

Imagine coming in one day and being locked out of all your systems. How long would it take your dealership to get back up and running? My guess for most is weeks, unless you pay the ransom.

 

[Ryan Montville]

I've personally been more impressed with Shift lately

I'm happy someone is. On one of my websites, we had (at one time) 3 links to the same tire site, 2 links to the same service scheduler, and 3 links to the same service specials in the same nav dropdown. I've had 1 good shift rep between all our stores that use Shift. Shift pricing is higher for us too, but my biggest gripe is them not communicating their plans. That results in erasing custom pages, replacing them with canned content, adding duplicate links in navigation, pushing slides we've already built in house, erasing footer links, etc.

 

[craigh]

Imagine coming in one day and being locked out of all your systems. How long would it take your dealership to get back up and running? My guess for most is weeks, unless you pay the ransom.

This really depends on how in-house your service providers are. For most dealers, your DMS, CRM, website and marketing tools are all in the cloud, hosted elsewhere. They can encrypt every computer in the dealership, but if your DMS is in the cloud then they can't do much with that.

The solution to this is having proper backups and replication in place - from what I'm hearing this malware already exists on millions of devices, but it lies dormant until there is a reason to use it. A single dealership would be a very small attack, but going after Reynolds or CDK would be catastrophic.

Also worth noting that they got the ransom back in the Colonial pipeline scam - bitcoin is incredibly traceable and the morons that did that put a large portion of it into a cloud-based wallet, which was immediately seized and returned. I can't decide if they have no idea what they're doing, or if they're just firing warning shots.

 

[GerryFoster]

I'm happy someone is. On one of my websites, we had (at one time) 3 links to the same tire site, 2 links to the same service scheduler, and 3 links to the same service specials in the same nav dropdown. I've had 1 good shift rep between all our stores that use Shift. Shift pricing is higher for us too, but my biggest gripe is them not communicating their plans. That results in erasing custom pages, replacing them with canned content, adding duplicate links in navigation, pushing slides we've already built in house, erasing footer links, etc.

Without knowing how you review your own websites, and not trying to hurl anything negative but, isn't reviewing your menus sort of on you?

 

[Alex Snyder]

Without knowing how you review your own websites, and not trying to hurl anything negative but, isn't reviewing your menus sort of on you?

If you don't know another provider is pushing content into your website how would you know to review it?

 

[Ryan Montville]

Without knowing how you review your own websites, and not trying to hurl anything negative but, isn't reviewing your menus sort of on you?

No doubt the responsibility is on us. Customers assume our website is 100% "ours." That's what is so frustrating. Our time is better spent creating better customer experiences instead of searching our sites (daily) for what new content was pushed without us knowing.

 

[craigh]

If you don't know another provider is pushing content into your website how would you know to review it?

Someone at the dealership should be responsible for checking and maintaining the website.
Even if you're paying someone to manage your website, they don't know your store - always make sure it's representative of what you're trying to do.