by Wolf Richter, Wolf Street:
“As the incident is ongoing, the full scope, nature and impact of the incident is not yet known”: AutoNation today.
When the $8.3 billion acquisition of auto-dealer software provider CDK by a PE firm under Brookfield Asset Management was completed in July 2022, the mergers & acquisitions firm, Paul Weiss, which had advised CDK on the deal, said in a now ironic press release: “The deal will allow CDK to continue to elevate the dealer and consumer experience when selling, buying or owning a vehicle.”
TRUTH LIVES on at https://sgtreport.tv/
Less than two years later, last Wednesday, CDK’s customers, including the biggest auto-dealer chains in the US, watched helplessly as a ransomware attack shut down CDK’s cloud-based software system, depriving all of its customers – 15,000 dealerships in total – of the most basic daily tools to run their new and used-vehicle sales operations, their parts and service operations, their inventories, their back-office operations, customer contact systems, loan applications, etc.
Dealers have resorted to writing up sales orders and service orders by hand, then hand-typing all this into spreadsheets or whatever, to track it somehow, hopefully not making the situation even worse by adding typos into VINs, repair order numbers, names, and other key data. Then, someday, when the system is up and running again, they hope to re-type – or maybe copy and paste? – all this from spreadsheets into the CDK software system, praying all along the way to not make the situation even worse by introducing more typos into key data.
The publicly held auto dealers – there are not many, but they’re huge, with lots of big dealerships around the country – have started to warn about the still unquantifiable consequences. And this could ripple across the economic data for Q2.
AutoNation [AN], the largest dealer chain in the US, said in an SEC filing today that it had been notified on June 19 that CDK, “was experiencing a cyber incident impacting its systems, including the systems necessary to support our dealer management system (“DMS”), which supports our dealership operations, including our sales, service, inventory, customer relationship management, and accounting functions.”
It said its stores remain open, “and we are continuing to sell, service, and buy vehicles, and otherwise serve our customers, through manual and alternative means and processes, albeit with lower productivity.”
“As the incident is ongoing, the full scope, nature and impact of the incident is not yet known,” it said.
Group 1 Automotive [GPI] said in an SEC filing today that “all Group 1 U.S. dealerships continue to conduct business using alternative processes until CDK’s dealers’ systems are available.”
“CDK has advised that it anticipates the restoration of the dealer management system will require several days and not weeks. The timing of the restoration of other impacted CDK applications remains unclear at this time,” it said.
“Group 1’s ability to determine the material impact, if any, of the CDK incident and the resulting service outage, will ultimately depend on a number of factors, including when, and to what extent, the Company resumes its access to the CDK’s dealers’ systems,” it said.
