Hacked Software Firm CDK Expects All Dealers Live by July 4

Charles Gorrivan and Evan Gorelick, Bloomberg News

Vehicles for sale at an AutoNation Honda dealership in Fremont, California, US, on Monday, June 24, 2024. The hack that's disrupted business at thousands of car dealerships in North America is now in the process of getting resolved, the targeted software provider CDK Global said. Photographer: David Paul Morris/Bloomberg , Bloomberg

(Bloomberg) -- CDK Global, the software provider to roughly 15,000 car dealerships across North America that was hacked nearly two weeks ago, said it anticipates all dealers will be live by late evening July 3 or early morning July 4.

CDK suffered two cyberattacks that forced its systems offline for days, slowing down everything from scheduling and service repairs to parts deliveries and car purchases at auto dealerships in both the US and Canada. On June 24, the Illinois-based company signaled to customers that the disruptions could persist until the end of the month.

Since CDK discovered the breach and shut off systems on June 19, chaos has ensued at dealerships. CDK’s core product — a suite of software tools referred to as a dealership management system, — underpins virtually every element of auto retailers’ day-to-day business. As a result, the outage hampered sales and interrupted repairs across an industry that topped $1.2 trillion in US sales last year. The disruptions also are hitting amid an end-of-quarter sales push.

“We are continuing our phased approach to the restoration process and are rapidly bringing dealers live,” said Tony Macrito, senior communications director at CDK.

A hacking group called BlackSuit was behind the cyberattack on CDK Global that’s paralyzed car sales across the US, according to Allan Liska, a threat analyst at the security firm Recorded Future Inc. The gang demanded tens of millions of dollars in ransom to end the disruptions, and CDK had planned to make the payment, Bloomberg News previously reported. It’s not clear if CDK paid the ransom.

There are only a handful of companies that provide so-called dealership management systems for auto sellers after decades of consolidation. Thousands of stores are highly reliant on CDK’s services to line up financing and insurance, manage inventory of vehicles and parts, and complete sales and repairs.

Some of the largest auto dealers in North America have warned of a potential “material” impact to their finances from the attack, which they said would hinge largely upon the duration of the outages. Sonic Automotive Inc., Penske Automotive Group Inc., Group 1 Automotive Inc., AutoNation Inc., Lithia Motors Inc. and Asbury Automotive Group Inc. have all filed disclosures with the US Securities and Exchange Commission.

The incident is part of a growing phenomenon in which financially motivated cybercriminals have attacked critical links in the global IT supply chain, bringing down entire industries along with them.

(Updates with additional information in the fifth paragraph. A previous version of this story included an incorrect headline deck.)