The article below is sourced from Bloomberg Wire Service. The views and opinions expressed in this story are those of the Bloomberg Wire Service and do not necessarily reflect the official policy or position of NADA.
Some of the largest auto dealers in North America are warning of a potential “material” impact to their finances from a cyberattack that has slowed operations at thousands of stores.
Sonic Automotive Inc. and Penske Automotive Group Inc. filed disclosures with the US Securities and Exchange Commission on Friday. Group 1 Automotive Inc., AutoNation Inc., Lithia Motors Inc. and Asbury Automotive Group Inc. followed Monday. All six companies use CDK Global, whose so-called dealership management system was halted a week ago after a crippling hack.
The disclosures represent the first sign of potential widespread economic impact stemming from the attack against CDK, which serves roughly 15,000 North American car dealerships. The incident is part of a growing phenomenon in which financially motivated cybercriminals have attacked critical links in the global IT supply chain — the plumbers of the Internet that you might least suspect as targets, bringing down entire industries along with them.
Shares in Sonic, Group 1, AutoNation, Lithia and Asbury have all declined since the hack. Penske shares have risen 2.5% since Wednesday as the company had previously said its dealerships weren’t affected.
The incident “has had, and is likely to continue to have, a negative impact,” Sonic said in its regulatory filing. The company hasn’t yet determined whether the CDK outage will have a material effect on its finances. Sonic shares have fallen nearly 3% since the hack.
Here is what other companies are saying about the business impact of the attack:
- Penske said it uses CDK’s software for its Premier Truck Group division — but not its US or international automotive dealership operations. The truck dealership business represents lower unit volumes than its automotive dealership division, the company said.
- Group 1 said its “ability to determine the material impact, if any, of the CDK hack and the resulting service outage, will ultimately depend on a number of factors, including when, and to what extent” it can resume access to CDK’s systems. Group 1 shares have declined 2.5% since Wednesday.
- AutoNation said that the service interruption has been “disruptive and adversely impacted” its business. All of its locations remain open and are continuing to sell, service and buy vehicles. But they’re experiencing “lower productivity,” the company said. AutoNation stock is down 5.6% since Wednesday.
- Lithia said it has “not yet determined whether the incident is reasonably likely to materially impact” its finances. The company said its dealerships continue to operate but noted that the hack has had a negative impact on business operations. The stock is down 0.4% since the attack.
- Asbury Automotive said some parts of its business operations are functioning “slower than normal.” The company’s Koons Automotive sites in Maryland and Virginia don’t use CDK’s dealer or relationship management systems, so they’re operating with “minimal interruption.” Asbury hasn’t yet determined whether the hack will have a material impact. Shares have declined 1.4%.
The intrusion is the handiwork of a hacking gang known as BlackSuit, Bloomberg reported Monday. The US Department of Health and Human Services recently declared in an alert that BlackSuit should be “closely watched” as a threat, in part because of the gang’s association with other extortion groups. BlackSuit uses malware and attack techniques that are remarkably similar to the defunct Russian-speaking Conti gang, suggesting to cyber researchers that BlackSuit is partly made up of experienced Russian hackers.
The hackers have demanded tens of millions of dollars in ransom from CDK, which intends on paying. CDK said over the weekend that it expects restoring its systems will take “several days and not weeks.”
The group functions as a ransomware-as-a-service gang, in which members lease their technical tools to affiliates and demand a cut of any extortion payments.
CDK provides software that helps dealers manage customer records, schedule appointments, handle car-repair orders and complete transactions, among other tasks. CDK has yet to restore full service, and the outage has forced dealers to halt or delay some services and resort to pen and paper.
(Adds details on the hacking gang in the second to last paragraph. A previous version of this story was corrected to reflect a full quote from Lithia’s filing.)
For more stories like this, bookmark www.NADAheadlines.org as a favorite in the browser of your choice and subscribe to our newsletter here: