Helion Issues Dealer Data Security Guidance
TIMONIUM, Md. — IT managed services provider Helion Automotive Technologies has issued proactive security recommendations for auto dealers who may be at risk of customer data breaches. The recommendations come on the heels of an incident that occurred last month and was widely reported in news outlets. In February, a disgruntled employee with a CRM vendor circulated ... Read More »
TIMONIUM, Md. — IT managed services provider Helion Automotive Technologies has issued proactive security recommendations for auto dealers who may be at risk of customer data breaches. The recommendations come on the heels of an incident that occurred last month and was widely reported in news outlets.
In February, a disgruntled employee with a CRM vendor circulated an email that appeared to be from hackers threatening to release sensitive information from millions of customer records. The data was purportedly taken from several dealerships’ dealer management systems (DMS). The CRM vendor quickly identified the employee, determined that no security breach had occurred, and that the data the employee had in her possession was benign.
“These dealers were lucky, because if this hoax had turned out to be true, they would be legally liable and could be on the hook for millions of dollars,” said Erik Nachbahr, Helion’s founder and president and an Auto Dealer Today contributor. “What this incident illustrates is how most dealerships do not understand the serious consequences related to a data breach of this nature and how ill-prepared they are to respond.”
If a hacker gains access to sensitive data in customer records, such as Social Security numbers and birth dates, the cost to a dealership could be in the millions. That figure is based on an average cost of $30 per customer record breached.
Even if a dealership’s CRM or DMS vendor is responsible for the breach of a dealership’s customer records, the dealership is legally liable for all resulting costs, which may include:
Local and federal law enforcement investigations
Computer forensic investigations
Business interruptions, including orders to close the dealership until the source and impact of the breach is assessed
Customer notifications and free credit monitoring for customers
Crisis management and public relations
Customer and class-action lawsuits
FTC action for noncompliance with the Gramm-Leach-Bliley Act and software copyright laws
Fortunately for dealers, Nachbahr said, these consequences can be greatly mitigated by creating a security plan that includes a response to customer data breach occurrences.
His first recommendation is that dealers should assign a point person in the dealership who will coordinate a planned response. The designee is typically a high-level financial executive, which in a dealership may be the CFO, controller or chief compliance officer.
The designee should have a written response plan that addresses each of the consequences listed in the bullet points above. The designee should also have a list of parties and contact information at the ready in the event of a security breach. Parties that need to be notified immediately include local law enforcement, the dealership’s attorney, cyberliability insurance provider and public relations/crisis management representative.
The customer data breach response plan should also include a protocol for notifying customers that their data has been breached, which is a legal requirement. Many states also have a legal requirement that will require dealers to pay for one or two years of free credit monitoring for the affected customers.
Nachbahr recommends that any dealer who does not have cyberliability insurance should get some immediately. The typical insurance policies that dealerships carry, such as property, liability and casualty insurance, do not cover costs related to data breaches.
Finally, dealers who don’t have a crisis management plan in place, Nachbahr recommends they create one. Costs related to litigation and compliance violations can be greatly alleviated if the dealership responds publicly, immediately and in an appropriate manner.
Nachbahr further noted that the likelihood that a given dealership will experience a customer data breach is high. In the last 12 months, 71% of small to mid-size businesses reported a security breach, according to a July 2016 report titled IT Security at Small to Mid-Size Businesses (SMBs): 2016 Benchmark Survey. Companies with fewer than 500 employees proved the most vulnerable with a 75% breach rate.
“Dealers need to realize this is an imminent threat, and that it’s not if, but when this will happen,” he said. “Having a security plan in place is pretty much expected for every business in every industry these days, but, unfortunately, we find that many dealerships don’t think about it until it’s too late.”
More Industry

Luxe N.C. Dealerships Change Hands
A collection of Italian and English brand franchises were handed off to the owner’s friend in the business and include the Carolinas’ only Ferrari retail stores.
Read More →
Exposure Drives Interest in Chinese Cars
At a recent demonstration, consumers had the chance to ride in a Chinese-branded vehicle, a firsthand experience that improved their perceptions and purchase intent.
Read More →
Automotive Consumers Sink Further in Debt
Most financing metrics hit records in the second quarter as more buyers locked themselves into long terms and high monthly payments.
Read More →
Agent Advocate
Rob Mancuso, who comes from a long line of auto dealers, values general agents’ place in the industry and makes a case for them taking an even bigger seat at the table.
Read More →
Driving Under Distraction
Though consumers gave higher marks to new vehicles in JD Power’s most recent initial-quality poll, high-tech interference worsened, pointing to craving for simplicity.
Read More →
Affordable New Cars a Thing of the Past
More than one out of five new vehicles sell for more than $60,000, according to Edmunds. That's up 7% compared to prepandemic 2019.
Read More →
State Follows Federal Warning on Auto Ads
The Massachusetts attorney general cautioned the state’s automotive dealers to be upfront with the consuming public about their vehicle prices or risk punishment.
Read More →
Consumer Outlook on the Rise
Younger generations are feeling more positive about their financial futures and current affordability pressures than older generations, according to recent TransUnion data.
Read More →
Pennsylvania Dealership Under New Retailers
The sale of the Chrysler Dodge Jeep Ram store puts a family auto group on a leaner path as first-time dealers take the helm.
Read More →
Battery Storage Takes Priority Over EVs
U.S. automakers are prioritizing battery energy stationary storage over electric-vehicle production as the consumer demand for EVs lags the rest of the world.
Read More →