CDK to pay tens of millions to hackers who crippled car dealerships

A group that claims to have hacked CDK Global, the software provider for thousands of car dealerships in North America, has demanded tens of millions of dollars in ransom, according to a person familiar with the matter.

CDK plans to make the payment, said the person, who asked not to be identified because the information is private. The hacking group behind the attack is believed to be based in Eastern Europe, the person said. In the early days of any ransomware attack, discussions are fluid and the situation could change.

CDK did not respond to multiple requests for comment on Friday.

Since CDK discovered the breach and shut down the systems on June 19, chaos has ensued at many of the approximately 15,000 auto dealerships it counts as customers. CDK’s core product, a suite of software tools called dealership management system or DMS, underpins virtually every element of auto retailers’ daily business. So the outage hampered sales, disrupted repairs and delayed deliveries in an industry that surpassed $1.2 trillion in U.S. sales last year. The disruptions are also hitting amid a boost in end-of-quarter sales.

“Right now it’s just massive chaos,” Diana Lee, chief executive of Constellation, a marketing agency that works with auto dealers across the United States, said on Bloomberg Television. “The dealership must run a DMS for sales, service, spare parts and for each functionality; Even storing a vehicle cannot be done without the DMS system. “So it’s a disaster.”

CDK briefly restored some services for a few hours on June 19, but was forced to disable them following a second cyberattack. On Thursday, the company warned dealers that its systems will likely be unavailable for several days.

A lawsuit worth tens of millions of dollars comes after hackers demanded $50 million from a laboratory services company at the center of an ongoing ransomware attack that caused disruptions at London hospitals. UnitedHealth Group Inc., the largest health insurer in the United States, acknowledged earlier this year that it paid hackers a $22 million extortion fee.

CDK has not said who or what entity is behind the intrusion, but issued a warning to customers Thursday night, saying that outside parties are approaching customers, trying to profit from the confusion.

“We are aware that bad actors are contacting our customers, posing as CDK members or affiliates, attempting to gain access to the system,” the company said. “CDK associates do not communicate with customers to access their environment or systems. Please respond only to known CDK employees and communications.”

There are only a handful of DMS companies that dealers can choose from after decades of consolidation within this sector of the automotive retail industry. As a result, thousands of stores rely heavily on CDK’s services to obtain financing and insurance, manage vehicle and parts inventory, and complete sales and repairs.

Auto dealer Sonic Automotive Inc., which uses CDK to support critical dealership operations, said the disruptions caused by the cyberattack will likely have a “negative impact” on its operations until its systems have recovered, according to a document from the Friday. Sonic has not determined whether the attack will have a material impact on its finances and has reopened all of its dealerships with alternative solutions to limit disruptions, the company said.

CDK’s parent, Brookfield Business Partners LP, had its worst day of trading since October (down 5.7% on Thursday) and extended its decline on Friday. Shares of dealer groups AutoNation Inc., Group 1 Automotive Inc. and Sonic Automotive Inc. also fell.

Sign up for the Fortune Next to Lead newsletter for weekly strategies on how to get to the corner office. Sign up for free before it launches on June 24, 2024.

Leave a Comment