AutoNation, Other Car Dealers Hurt by CDK Cyberattack as Outage Persists -- WSJ

Dow Jones 06-24

By Robert McMillan, Ginger Adams Otis and Alexa Corse

Auto dealership owner John Hiester expected to deliver 20 cars and trucks to customers this past Wednesday at the four locations he owns in central North Carolina. Instead, he has spent the past several days trying to salvage his operations after a cyberattack on software provider CDK Global hobbled his business.

"It was a shock to the system," Hiester said. "The first couple of days were really tough."

The attack, announced Wednesday, continued disrupting business into a second week. Dealers such as Hiester have rolled back the technological clock and returned to workarounds such as spreadsheets and pen-and-paper to keep track of sales, repairs and orders.

The cyberattack has exposed a widespread dependency on little-known software that can handle a range of functions at car dealerships, from managing websites and connecting telephones to tracking inventory and figuring out what forms the banks will require for car loans.

Three dealership chains, AutoNation, Group 1 Automotive and Lithia Motors, said in separate government filings Monday that they use CDK in the U.S. and are employing workarounds to keep their stores open. Other dealership operators, including Sonic Automotive and Penske Automotive Group, have previously said they were affected.

While dealerships struggle to keep track of their businesses, CDK, which says it provides its management software to nearly 15,000 car dealer locations nationwide, has given few details about the attack.

Several of CDK's messages to dealers have referred to a cyber incident or cyberattack. A CDK statement on Saturday said it was recovering from a "cyber ransom event," suggesting a ransomware attack, which involves hackers seizing control of a company's computer systems or data until a ransom is paid.

Cybersecurity experts say that in many ransomware attacks, the criminals will threaten to release private information, even if the ransom is paid.

CDK has declined to comment on the nature of the attack or whether the hackers had accessed customer information. A spokeswoman on Monday reiterated a previous statement that the company has begun a "restoration process" that it expects will take several days.

Based in Illinois, CDK was acquired by investment firm Brookfield Business Partners in a 2022 deal valued at $8.3 billion, including debt. CDK's then-chief executive, Brian Krzanich, who had once been Intel's CEO, left, and Brian P. MacDonald currently runs the company.

Chris Lemley, president of Sentry Auto Group, which sells Ford, Lincoln and Mazda vehicles at dealerships in New England, said CDK's response to the crisis has been one of its most frustrating aspects.

"The emails they sent to customers were simply signed 'CDK Customer Care,' as if their executives were all too afraid to put their name at the end of an email," he said. The messages tended to contain the same basic information, he noted, with no new details in real time.

CDK's statement said it was engaging with customers and providing "alternate ways to conduct business."

Lemley learned that the attack likely involved ransomware through the media, not the company, he said.

"I have no idea what technological or security-related errors CDK management, and its private equity owner, Brookfield, may have made," he said. "But their most fundamental and unforgivable error is a lack of leadership."

A Brookfield spokeswoman said it was working with CDK to restore services and help dealers resume normal operations.

Every day the outage continues, the cumulative damage grows, Lemley said.

"Each handwritten repair order and parts slip will have to be re-keyed. And each time we re-key something, there is an opportunity to make a mistake," he said. He plans to consider new software systems once normal operations resume.

For Hiester, a fix can't come fast enough. On average, employees at Hiester Automotive Group make thousands of accounting entries a day. Without CDK software, nothing gets entered, he said.

"We'll have to go back and re-enter everything that we did through CDK, so it's in our system," he said. Once the numbers are reconciled, he will be able to figure out exactly what the outage cost him.

Some sales representatives that use CDK are already feeling the financial bite, in the form of interrupted or slowed deals.

Shirley Ng, a San Francisco Bay Area resident who spent weeks looking for a particular Lexus car, finally found one and had planned to complete her purchase over the weekend.

After the cyberattack hit, she said, the salesperson offered to go ahead with the paperwork by hand -- which didn't sit well with Ng.

"If you guys are reporting everything by hand, God knows how long it's going to take," she said.

Instead of buying a new car, Ng found herself looking for a new dealership.

Jason Kim, a sales representative at a Cadillac dealership in Southern California, said his team has had to figure out how to use an alternate computer system. It took his team five hours to complete a purchase for a customer this past week, he said, which usually would take only about an hour or two.

"We're just trying to make it work, some way, somehow," he said.

Write to Robert McMillan at robert.mcmillan@wsj.com, Ginger Adams Otis at Ginger.AdamsOtis@wsj.com and Alexa Corse at alexa.corse@wsj.com

(END) Dow Jones Newswires

June 24, 2024 09:51 ET (13:51 GMT)

Copyright (c) 2024 Dow Jones & Company, Inc.
