A nightmare scenario for any dealer is to have a data breach. If customers' information is compromised at a dealership, that store has to reach out to every single person it has done business with and let them know.
That's not good for business. A survey by Total Dealer Compliance found 84 percent of car buyers would not go back to a dealership that had a data breach.
"So just based on that, [dealers] should take physical and computer security seriously," said Total Dealer Compliance CEO Max Zanan.
There are two lines of defense against data crooks.
Dealerships rely on procedures to ensure that their employees don't leave the doors unlocked, as it were, and on the software that runs in the background of their dealership management systems to maintain cybersecurity.
A hack specifically to steal a dealership's customer information is not very likely, according to Zanan and Michael Alf, a computer-savvy general manager and co-owner of St. Charles Toyota near Chicago.
Alf noted a 2013 breach of retail giant Target. In that instance, hackers gained access to Target's costumer service database by way of a third-party vendor's credentials, installed malware and then culled the personal information of tens of millions of customers.
"But the reality is people aren't going to go into dealerships and do that," Alf said. "We don't have enough data."
In other words, a sophisticated hack on an individual store is typically not worth cyber thieves' time. More concerning to dealerships are phishing scams and malware or ransomware attacks.