Having trouble recently buying a car at a dealer or getting them to service your car?
The likely culprit is a cyberattack on CDK Global, a software provider that thousands of dealers and service centers use for critical pieces of their business. The attack on June 19 has brought dealerships to their knees as they struggle to complete basic tasks with nonfunctioning computer systems.
Here’s what we know so far.
What is CDK Global?
CDK Global, based in Hoffman Estates, Ill., claims to operate in over 15,000 retail locations across North America, offering software — in particular a “dealer management system,” or DMS — that dealers use to process transactions, arrange financing, track parts and suppliers, and perform customer relations management, among other activities.
CDK Global is owned by Brookfield Business Partners (BPU), a Canadian private equity firm that bought it for nearly $6.5 billion in 2023.
What happened to CDK Global, and who cares?
After numerous dealerships across Canada and the US reported system outages, CDK Global revealed it had been the victim of a cyberattack.
“CDK experienced a cyber incident," the company said in a statement to Yahoo Finance. “Based on the information we have at this time, we anticipate that the [recovery] process will take several days to complete,” the company said, adding that it was working with clients on workaround solutions — essentially going back to the pre-data entry days.
“Having to move everything to paper has resulted in both an accounting nightmare and bad buying experiences for consumers — and all during the start of their peak season,” said Stuart McCallum, partner at automotive accounting firm Withum, to Yahoo Finance.
CDK subsequently admitted that the perpetrators were demanding a ransom to restore services; Bloomberg separately reported that the group behind the attack, BlackSuit, is based in Eastern Europe and was demanding tens of millions.
Shares of CDK Global’s parent Brookfield slid 5.7% in Canada on Thursday following reports that the company was hacked for a second time after it tried to restore services.
Why dealers — and customers — are feeling the pain
At the retail level, dealers and their customers have been negatively affected in several ways.
At one end are customers with new car purchases that can’t get processed or ones who have seen purchases delayed. On the other end, and more troublesome, are customers with cars stuck in service departments.
“We're not allowed to let a car go until the repair order gets closed because that's just the way the law works,” a dealer based in Southern California said to Yahoo Finance. “Repair orders can't get closed until we know who's going to pay for it.”
Yahoo Finance also spoke to two separate customers getting service work done at Porsche and Lexus dealerships, one with a car return delayed from a service center and the other with a car stuck in service due to parts orders being affected.
Larger dealerships have been trying to work around the issue. AutoNation, the biggest US dealership group by revenue, said in a filing on Monday that it is resorting to “manual” processes.
“While the outages of CDK’s systems and our DMS have been disruptive and adversely impacted our business, all of our locations remain open, and we are continuing to sell, service, and buy vehicles, and otherwise serve our customers, through manual and alternative means and processes, albeit with lower productivity,” the company said.
Lithia Motors, which operates nearly 300 dealership locations in the US, admitted the dealership group is under strain, with limited visibility into the overall effect of the outage.
“While this incident has had, and is likely to continue to have, a negative impact on the Company’s business operations until the relevant systems are fully restored, the Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” Lithia said in a filing on Monday.
Group 1 Automotive, which has over 200 dealerships in the US and UK, said in a statement Monday that it was using "alternative processes" to conduct business and that the company's ability to determine any material impact from the service outage would depend on a "number of factors."
One thing seems certain: The longer the outage lasts, the more pain the dealerships will have to endure.
“If they get this thing fixed this week, I think it'll just be an annoyance. It'll probably cost some money, but I don't think it's the end of the world,” the Southern California-based dealer told Yahoo Finance regarding outages on the sales side, but added if the disruption went on for a month, “it's going be a problem.”
What’s next for CDK Global?
Dealership groups that are stuck with CDK Global’s inoperable DMS are not happy and may be looking at other software providers, such as SAP, Reynolds and Reynolds, and Dominion Enterprises.
The Southern California-based dealer told Yahoo Finance that CDK has a “trust” issue based on how the company has handled the situation. Communication hasn’t been helpful, the dealer said, adding to what others have said about vague and generic mass emails sent to clients.
“They've been largely ineffectual at fixing this, and that's the bigger trust issue,” the dealer added, claiming dealers would definitely consider looking at alternatives.
That’s because consumers remember poor car-buying experiences and will be more likely to take their business to a dealership that wasn’t impacted by the hack, said McCallum of Withum.
McCallum said he has heard directly from impacted dealerships, claiming that due to the difficulty of calculating leases by hand, for example, they have halted offering them completely.
CDK’s cyberattack-driven outage comes during a very heavy sales period for dealers — the end of the month and, crucially, the end of the quarter — when teams look to hit their sales goals. Automakers will be giving Wall Street analysts and investors an update on those numbers when second quarter production and delivery totals are released next week.
Pras Subramanian is a reporter for Yahoo Finance covering the auto industry. You can follow him on Twitter and on Instagram.
Click here for the latest stock market news and in-depth analysis, including events that move stocks
Read the latest financial and business news from Yahoo Finance