FTC Safeguards

Cyber Attacks on Car Dealerships

Compliance with FTC Safeguards Extension

Recent reports indicate that cyber attacks on car dealerships have increased by 49% in the first half of 2021, with an average of 37 attacks per dealership. This rise in attacks highlights the importance of protecting personal identifiable information (PII) of customers and employees in the automotive industry. The Federal Trade Commission (FTC) Safeguards Rule requires that car dealerships take measures to protect PII from unauthorized access or disclosure. The rule applies to dealerships that buy, sell, or lease cars and that regularly use or obtain consumer reports. Failure to comply with the Safeguards Rule can result in fines and other penalties, as well as reputational damage.

FTC Safeguard Extension

The FTC recently extended the Safeguards Rule to include dealerships that obtain consumer reports in connection with their financing or leasing services. The extension aims to improve the protection of customer data and reduce the risk of data breaches. Compliance with the Safeguards Rule extension is critical for dealerships that handle customer financial data.

The consequences of a successful cyber attack on a dealership can be severe, including financial loss, legal liabilities, and reputational damage. The average cost of a data breach in the automotive industry is $1.54 million, according to a recent study by IBM Security.


To comply with the FTC Safeguards Rule, car dealerships should implement a comprehensive information security program that includes the following elements:

  • Designating one or more employees to coordinate the program
  • Conducting a risk assessment to identify potential risks to customer data
  • Developing and implementing safeguards to control the identified risks
  • Overseeing service providers to ensure they also have appropriate safeguards in place
  • Regularly monitoring and testing the effectiveness of the safeguards

In addition to these requirements, dealerships should provide training to employees on information security and have a plan in place for responding to data breaches.

In conclusion, with the rise of cyber attacks on car dealerships, compliance with the FTC Safeguards Rule is crucial for protecting customer data and avoiding costly data breaches. By implementing a comprehensive information security program and providing regular training to employees, dealerships can reduce the risk of data breaches and ensure that customer data is protected.

If you would like to learn more about how to work towards compliance for your dealership, contact us to learn more about our complimentary FTC Guideline Security Audit.