auto dealer in black and red logo
MenuMENU
SearchSEARCH

FTC: DealerBuilt Hack Affected 130 Dealerships

A 2016 cyberattack laid bare the personally identifiable information of about 12.5 million customers of 130 U.S. dealerships, according to a Federal Trade Commission bulletin announcing a consent agreement with dealer software provider DealerBuilt.

Tariq Kamal
Tariq KamalFormer Associate Publisher
Read Tariq's Posts
June 13, 2019
FTC: DealerBuilt Hack Affected 130 Dealerships

In 2016, a hacker accessed the personal data of about 12.5 million U.S. dealership customers and posted more than 69,000 of those records online over a 10-day period. The breach would be traced to a cybersecurity lapse blamed on dealer software provider DealerBuilt.

Photo by Génesis Gabriella via Pixabay

2 min to read

WASHINGTON — The Federal Trade Commission announced it has reached a consent agreement with LightYear Dealer Technologies, better known to the U.S. auto retail industry as DealerBuilt. The action is related to a 2016 incident in which a hacker accessed the records of about 12.5 million customers who had done business with 130 DealerBuilt dealerships nationwide.

“The firm’s poor data security practices led to a breach that exposed the personal information of millions of consumers,” the FTC’s statement reads, in part, noting the company “failed to implement readily available and low-cost measures to protect personal information it obtained from its auto dealer clients.”

The hacker posted a 69,283-customer sampling online over a 10-day period. The breach was initially discovered by one of the affected customers, spurring investigations at the federal and state levels. FTC officials said personally identifiable information such as names, dates of birth, Social Security numbers, and bank accounts was “stored and transmitted in clear text, without any access controls or authentication protections.”

The breach was eventually traced back to a DealerBuilt employee who connected an unsecured external storage device to the company’s backup network and left it there for 18 months. “The company never performed any vulnerability scanning, penetration testing, or other measures that would have detected the vulnerability,” according to FTC officials.

The consent agreement precludes DealerBuilt from transmitting or storing personal information until “reasonable data access controls” that meet the standards of the Gramm-Leach-Bliley Act’s Safeguards Rule are confirmed to be in place. Any violation of the agreement could result in severe financial penalties.

DealerBuilt CEO Michael Trasatti told Automotive News the company acted quickly when the breach was discovered three years ago and has been attacking potential vulnerabilities ever since.

“We take securing customer data seriously,” Trasatti said. “We work to continuously improve our security.”

To read the FTC’s statement in its entirety, click here.

Topics:Michael TrasatticybersecurityDealerBuiltdata breachFTCDealer OpsCompliance

More Compliance

Product & Technologyby StaffFebruary 4, 2026

AAMS Training and Mosaic Compliance Services Merge

The strategic combination is intended to expand technology-driven compliance solutions for the automotive industry.

Read More →
ComplianceOctober 6, 2025

The Jurisprudence of Pricing

Legal concept helps makes sense of California’s recently passed version of the failed federal CARS legislation.

Read More →
Digitalby Hannah MitchellSeptember 5, 2025

Cyber Threats Continue Apace

Hackers, seeing auto retail vulnerabilities in 2024 CDK incident, are taking advantage, data show.

Read More →
Ad Loading...
IndustryJuly 17, 2025

Trump 2.0 and Enforcement Priorities

The upshot is don’t relax, because regulation indeed continues.

Read More →
Blue and white Automotive Service Professionals logo presented over a blue background with various wrench tools.
Complianceby StaffJune 11, 2025

June Is Automotive Service Professionals Month

Observance is opportunity to thank technicians for their crucial role in auto retail.

Read More →
DigitalJune 9, 2025

The Real ID Deadline

Challenges auto dealers may still face verifying identities

Read More →
Ad Loading...
Complianceby StaffApril 28, 2025

Law Firms Tops in Auto Work

They bested all others on value or volume in the first quarter on major deals.

Read More →
Complianceby StaffJanuary 30, 2025

Cox Automotive Releases Compliance Guide

New edition walks auto dealers through relevant regulations for 2025.

Read More →
ComplianceJanuary 1, 2025

Safeguarding Customer Data

Encryption serves a critical role in automotive retail today.

Read More →
Ad Loading...
Complianceby StaffDecember 24, 2024

Trump 2.0 and Retail Automotive

Administration’s plans should generally bode well for the industry.

Read More →
View All