Breach taxonomy
Summary
On June 19, 2024, Lithia Motors received notice from CDK Global, a third-party provider of dealer management and other information systems, that CDK had suspended its systems in response to a cybersecurity incident impacting CDK. Lithia activated its cyber incident response procedures and severed connections to CDK systems. As a result, dealership operations including sales, CRM, inventory and accounting functions were disrupted across North America. No compromise or unauthorized access to Lithia's own systems was identified. Dealerships continued to operate with mitigation plans in place. Filed under Item 8.01; materiality not yet determined.
Tagging rationale
ThreatUnknown
Filing does not attribute the CDK incident to a specific actor → UNKNOWN.
MethodsSupply Chain
The disruption originated from a cybersecurity incident at CDK Global, a third-party IT provider whose systems Lithia depends on for dealership operations → SUPPLY-CHAIN.