Auto retailers across the U.S. suffered a second major disruption in as many days due to another cyberattack at CDK Global, the software provider thousands of dealers rely on to run their stores.
CDK informed customers Thursday of the incident that occurred late the prior evening. The company shut down most of its systems again, saying in a recorded update that it doesn’t have an estimate for how long it will take to restore services.
“Our dealers’ systems will not be available at a minimum on Thursday,” the company said.
On what otherwise would have been a busy U.S. holiday for business, dealers reliant on CDK were unable to use its systems to complete transactions, access customer records, schedule appointments or handle car-repair orders. The company serves almost 15,000 dealerships, supporting front-office salespeople, back-office support staff and parts-and-service shops.
AutoNation Inc. led shares of publicly listed dealership groups lower Thursday, falling as much as 4.6% in intraday trading. Lithia Motors Inc., Group 1 Automotive Inc. and Sonic Automotive Inc. also slumped.
Greg Thornton, the general manager of a dealership group in Frederick, Maryland, said his stores’ CDK customer-relations software had been down since early Wednesday morning.
“I can only assume that CDK is working all hands on deck to resolve this,” said Thornton, whose group includes Audi and Volvo stores. “We’ve had no conversations with them in person or over the phone.”
The National Automobile Dealers Association said Wednesday it was actively seeking information from CDK to determine the nature and scope of the cyber incident.
CDK was spun off by Automatic Data Processing Inc. in 2014, then agreed to be acquired in April 2022 by the investment company Brookfield Business Partners in an all-cash deal valued at $6.4 billion.