More car dealerships say CDK cyberattack has hurt their operations

By Ciara Linnane and Claudia Assis

Group 1 and others say their operations have been hurt by the attack

Several car-dealership companies disclosed Monday that the cyberattack at CDK Global last week has disrupted their business, with the software provider saying it will likely take days to restore services.

CDK said Saturday it had started "the restoration process," but that may take "several days to complete."

"We are continuing to actively engage with our customers and provide them with alternate ways to conduct business," the company said. Shares of CDK Global's parent Brookfield Business Partners LP (BBU) fell 0.2% Monday, adding to a 7% drop in the last week.

The hack happened Wednesday, and CDK shut down its systems as it investigated the problem and consulted with experts.

On Monday, Group 1 Automotive Inc. (GPI) said in a statement it had activated its cyber incident response procedures and "proactively took measures to protect and isolate its systems from CDK's platform."

"All Group 1 U.S. dealerships continue to conduct business using alternative processes until CDK's dealers' systems are available."

The company's dealerships in the U.K. are not affected as they don't use CDK's dealers' systems, it added. It was the first comment on the hack from Group 1, which has 202 dealerships in the U.S. and U.K.

Several dealers across the U.S. have had to halt or find alternatives for their service orders, sales, title work and in some cases even payroll because of the cyberattack.

"We have gone old school" using paper, an assistant service manager at a Philadelphia-area Ford dealership said Friday. "We are doing it all old-fashioned style, pushing through how we can." The employee didn't want to identify himself because he wasn't authorized to speak with MarketWatch.

CDK has told Group 1 that it expects the restoration of its systems to take several days, but not weeks. That timing, however, remains unclear, and any material impact, if any, "will ultimately depend on a number of factors, including when, and to what extent, the company resumes its access to CDK's dealers' systems," Group 1 said.

Dealership consultant Matthew Hilty has estimated that about 50% to 60% of U.S. dealerships use CDK's software, which offers one-stop-shop service for sales, title work, financing and services and parts orders.

"I don't know if people realize the depth of how much CDK is embedded in the dealership functions," he said.

Separately, AutoNation Inc. (AN), which has 271 retail stores and dealerships across the U.S., said the attack has impacted its sales, service, inventory, customer relationship management, and accounting functions.

"We immediately took precautionary containment steps to protect our systems and data, implemented business continuity plans, and commenced a review of the potential impact of the incident, which efforts are ongoing," the company said in a filing Monday.

All of the company's locations remain open, however, and it's continuing to sell, service and buy vehicles using manual processes, "albeit with lower productivity." AutoNation is also uncertain of the full impact while the incident is ongoing, it added.

Lithia Motors Inc. (LAD) said it has activated its cyber-incident-response procedures, which include severing business service connections between its systems and CDKs.

That has led to disruptions to its CDK-hosted dealer management system, which supports dealership operations including those supporting sales, its customer relationship management system, inventory and accounting functions, the company has said in a filing.

"To date, the company has not identified any compromise or unauthorized access of its systems or networks," said the filing.

The company's dealerships remain open and are serving customers.

Sonic Automotive Inc. (SAH) acknowledged the disruption in a late Friday filing, saying its dealerships are open and using "workarounds" to minimize the problems. It has not yet determined whether the incident will have a material impact on the company's financials, it said in its filing.

CarMax Inc. (KMX) Chief Executive Bill Nash said earlier Friday that while the used-car retailer does not use CDK for its dealer-management system, it does work with other dealers for parts and could see a knock-on effect from the hack.

See also: CarMax's profit beat offsets revenue miss, as stock rises

-Ciara Linnane -Claudia Assis

This content was created by MarketWatch, which is operated by Dow Jones & Co. MarketWatch is published independently from Dow Jones Newswires and The Wall Street Journal.

(END) Dow Jones Newswires

06-24-24 1049ET

Copyright (c) 2024 Dow Jones & Company, Inc.