From Bloomberg and staff reports
John Patterson’s teams at five Southern California auto dealerships are scrambling to “keep things together” after CDK Global — a software provider to some 15,000 dealers — was waylaid by debilitating cyberattacks.
Patterson, who operates Mazda, Kia and Hyundai dealerships in Orange County, says his employees are doing a remarkable job during “a tough situation.”
“We have put alternative measures in place so as not to inconvenience our customers and doing our best to expedite the process for our teammates as well as our guests,” he said Friday via email.
Elsewhere around the U.S., the scramble is similar.
A dealership in Phoenix is handwriting paper contracts and gauging creditworthiness with guesswork. A Jeep owner in Alabama keeps calling about when a replacement part will be in stock. A family in New Jersey is waiting for word on when they can take delivery of their new Audi.
Also see: California EV sales hit record level while other states seem to lose interest
The attack on CDK spread on June 19, costing US dealers a burst of business on a federal holiday. The company warned that a second incident is likely to keep its systems down for several more days.
The attacks have had a crippling effect on an industry that topped $1.2 trillion in sales last year just in the US, and is in the thick of an end-of-quarter sales push. CDK’s core product — a suite of software tools referred to as a dealership management system, or DMS — underpins virtually every element of auto retailers’ day-to-day business.
“It’s just mass chaos at this point,” Diana Lee, the chief executive officer of Constellation, a social media agency that works with auto dealerships across the US, said on Bloomberg Television. “The dealer’s required to actually run a DMS for sales, service, parts, for every single functionality — even stocking a vehicle, you can’t do it without the DMS system. So it is a disaster.”
Also see: Should we fear AI? Auto tech founders say we’ll learn to live with it
CDK hasn’t said who or which entity is behind the intrusion, but it issued a warning to customers Thursday evening, saying “bad actors” are reaching out to customers, attempting to capitalize on the confusion. “We are aware that bad actors are contacting our customers, posing as members or affiliates of CDK, trying to obtain system access,” CDK said. “CDK associates are not contacting customers for access to their environment or systems. Please only respond to known CDK employees and communications.”
There are only a handful of DMS companies for dealers to choose from after decades of consolidation within this corner of the car-retailing industry. As a result, thousands of stores are highly reliant on CDK’s services to line up financing and insurance, manage inventory of vehicles and parts, and complete sales and repairs.
More on new cars: Ford says drivers will be able to take their eyes off the road in two years
In the meantime, CDK competitor The Reynolds and Reynolds Co. said it’s on the lookout for things it can do “quickly” for affected dealerships. “Our industry is under attack,” Christopher Walsh, the company’s president, said in a statement posted to LinkedIn. “The impact of this goes far beyond CDK – it is hurting a lot of dealers and consumers as we enter the peak of summer.”
Since the attack began, the dealership has been able to process about half the transactions it usually can. Anything complicated — say, a purchase involving a trade-in or unusual financing — simply can’t get done.
“For this store, I’d like to have 10 complete deals done a day,” Padron said. “Five, six, seven would be nice today.”
Staff writer Samantha Gowen and Kara Carlson, Evan Gorelick and Jake Bleiberg at Bloomberg contributed to this report.