Cheat sheet: What you need to know about the great car dealer software hack

Having trouble recently buying a car at a dealer or getting them to service your car?

The likely culprit is a cyberattack on CDK Global, a software provider that thousands of dealers and service centers use for critical pieces of their business. The attack on June 19 has brought dealerships to their knees as they struggle to complete basic tasks with nonfunctioning computer systems, though the company says it's on the path toward restoring service.

Here’s what we know so far.

CDK Global, based in Hoffman Estates, Ill., claims to operate in over 15,000 retail locations across North America, offering software — in particular a “dealer management system,” or DMS — that dealers use to process transactions, arrange financing, track parts and suppliers, and perform customer relations management, among other activities.

CDK Global is owned by Brookfield Business Partners (BPU), a Canadian private equity firm that bought it for nearly $6.5 billion in 2023.

CHICAGO, ILLINOIS - JUNE 20: Cars sit on a Chevrolet dealership's lot on June 20, 2024 in Chicago, Illinois. A cyber attack on CDK Global, a software provider that helps dealerships manage sales and service, has crippled the workflow at approximately 15,000 dealerships across the United States and Canada. (Photo by Scott Olson/Getty Images)

After numerous dealerships across Canada and the US reported system outages, CDK Global revealed it had been the victim of a cyberattack.

“CDK experienced a cyber incident,” the company said in a statement to Yahoo Finance. “Based on the information we have at this time, we anticipate that the [recovery] process will take several days to complete,” the company said, adding that it was working with clients on workaround solutions — essentially going back to the pre-data entry days.

“Having to move everything to paper has resulted in both an accounting nightmare and bad buying experiences for consumers — and all during the start of their peak season,” said Stuart McCallum, partner at automotive accounting firm Withum, to Yahoo Finance.

CDK subsequently admitted that the perpetrators were demanding a ransom to restore services; Bloomberg separately reported that the group behind the attack, BlackSuit, is based in Eastern Europe and was demanding tens of millions.

Shares of CDK Global’s parent Brookfield slid 5.7% in Canada following reports that the company was hacked for a second time after it tried to restore services.

On Wednesday night of this week, CDK Global issued a statement with the first positive news from the company since the cyberattack began on June 19, claiming that a small group of dealers had been brought back online with CDK's DMS.

CDK said there was more movement on that front on Friday.

“We are continuing our phased approach to the restoration process,” the company said in a statement to Yahoo Finance. “We have successfully brought two small groups of dealers and one large publicly traded dealer group live on the Dealer Management System (DMS). We are also actively working to bring live additional applications—including our Customer Relationship Management (CRM) and Service solutions—and our Customer Care channels.”

At the retail level, dealers and their customers have been negatively affected in several ways.

At one end are customers with new car purchases that can’t get processed or ones who have seen purchases delayed. On the other end, and more troublesome, are customers with cars stuck in service departments.

“We're not allowed to let a car go until the repair order gets closed because that's just the way the law works,” a dealer based in Southern California said to Yahoo Finance. “Repair orders can't get closed until we know who's going to pay for it.”

Yahoo Finance also spoke to two separate customers getting service work done at Porsche and Lexus dealerships, one with a car return delayed from a service center and the other with a car stuck in service due to parts orders being affected.

Larger dealerships have been trying to work around the issue. AutoNation, the biggest US dealership group by revenue, said in a filing on Monday that it is resorting to “manual” processes.

“While the outages of CDK’s systems and our DMS have been disruptive and adversely impacted our business, all of our locations remain open, and we are continuing to sell, service, and buy vehicles, and otherwise serve our customers, through manual and alternative means and processes, albeit with lower productivity,” the company said.

Unsold 2024 pickup trucks sit on the lot of a GMC/Buick dealership Tuesday, June 25, 2024, in Loveland, Colo. (AP Photo/David Zalubowski)

Lithia Motors, which operates nearly 300 dealership locations in the US, admitted the dealership group is under strain, with limited visibility into the overall effect of the outage.

“While this incident has had, and is likely to continue to have, a negative impact on the Company’s business operations until the relevant systems are fully restored, the Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” Lithia said in a filing on Monday.

Group 1 Automotive, which has over 200 dealerships in the US and UK, said in a statement Monday that it was using "alternative processes" to conduct business and that the company's ability to determine any material impact from the service outage would depend on a "number of factors."

One thing seems certain: The longer the outage lasts, the more pain the dealerships will have to endure.

“If they get this thing fixed this week, I think it'll just be an annoyance. It'll probably cost some money, but I don't think it's the end of the world,” the Southern California-based dealer told Yahoo Finance regarding outages on the sales side, but added if the disruption went on for a month, “it's going be a problem.”

Picture of a sign with the logo of CDK Global taken in front of their main office for Prague, Czech Republic. Formerly called ADP Dealer Services, CDK Global provides integrated technology services and solutions to over 27,000 automotive dealerships internationally, as well as vehicle manufacturers. (BalkansCat via Getty Images)

Dealership groups that are stuck with CDK Global’s inoperable DMS are not happy and may be looking at other software providers, such as SAP, Reynolds and Reynolds, and Dominion Enterprises.

The Southern California-based dealer told Yahoo Finance that CDK has a “trust” issue based on how the company has handled the situation. Communication hasn’t been helpful, the dealer said, adding to what others have said about vague and generic mass emails sent to clients.

“They've been largely ineffectual at fixing this, and that's the bigger trust issue,” the dealer added, claiming dealers would definitely consider looking at alternatives.

That’s because consumers remember poor car-buying experiences and will be more likely to take their business to a dealership that wasn’t impacted by the hack, said McCallum of Withum.

McCallum said he has heard directly from impacted dealerships, claiming that due to the difficulty of calculating leases by hand, for example, they have halted offering them completely.

One service center in Illinois is suing CDK Global over lost business due to the cyberattack, and other DMS operators like Dominion have said automakers want to audit their software as well to test for cybersecurity effectiveness.

With systems impacted for over a week, automotive research firms are projecting lost sales for the month of June and second quarter.

“Because of the disruption to dealer software systems, June sales will not be reflective of actual consumer demand for new vehicles. Instead, a significant number of sales that would have occurred in June are now likely to occur in July,” said Thomas King, J.D. Power’s president of data and analytics, in a statement.

King and J.D. Power project overall June sales will dip from an initial projection of 1.41 million units to between 1.27 million and 1.33 million units for the month, a 2.6% to 7.2% decrease in sales compared to a year ago.

A positive: Those lost sales could reappear in July. But even a lost week, or slow week of sales, in June could affect overall second quarter sales for the dealer groups and automakers too, due to the historically strong end-of-June period.

“The CDK cyberattacks have thrown a monkey wrench into sales during the second half of June, affecting what is arguably one of the most lucrative and busiest times of the month and quarter for dealerships,” said Jessica Caldwell, Edmunds’s head of insights. “Although the impact of these attacks will be different from dealer to dealer, this event is another speed bump on the automotive industry’s long road to recovery.”

Caldwell noted that despite high interest rates and other headwinds, new vehicle sales were poised to be strong in Q2 due to healthier inventory levels and the return of summertime incentives. However, like J.D. Power, Edmunds now expects sales to be pushed to Q3, meaning sales losses could be recovered.

With Q2 earnings season coming up next month, investors will get a clearer picture of the cyberattack’s impact on dealership group-level sales and overall quarterly deliveries for volume automakers like Ford, GM, and Toyota.

Pras Subramanian is a reporter for Yahoo Finance covering the auto industry. You can follow him on Twitter and on Instagram.
