Incident · Unknown

Lithia Motors, Inc. · LAD

Consumer Discretionary · USA · Incident June 19, 2024 · Filed June 24, 2024
Impact score
Business continuity
Partial
Insurance involved
Not disclosed
Filing
8-K · 8.01

Breach taxonomy

Unknown · Supply Chain · Revenue Process · Biz Interruption

Summary

On June 19, 2024, Lithia Motors received notice from CDK Global, a third-party provider of dealer management and other information systems, that CDK had suspended its systems in response to a cybersecurity incident impacting CDK. Lithia activated its cyber incident response procedures and severed connections to CDK systems. As a result, dealership operations including sales, CRM, inventory and accounting functions were disrupted across North America. No compromise or unauthorized access to Lithia's own systems was identified. Dealerships continued to operate with mitigation plans in place. Filed under Item 8.01; materiality not yet determined.

Tagging rationale

Threat · Unknown

Filing does not attribute the CDK incident to a specific actor → UNKNOWN.

Methods · Supply Chain

The disruption originated from a cybersecurity incident at CDK Global, a third-party IT provider whose systems Lithia depends on for dealership operations → SUPPLY-CHAIN.

Assets · Revenue Process

CDK's system suspension disrupted Lithia's dealer management system, CRM, inventory and accounting functions — all revenue-generating business processes → REVENUE-PROCESS.

Effects · Biz Interruption

Lithia's North America dealership operations including sales, CRM, inventory and accounting were disrupted while CDK systems were offline → BIZ-INTERRUPTION.

Business continuity · Partial

Filing states dealerships continued to operate with mitigation plans implemented to minimize disruptions, but operations were still impacted as of filing → Partial.

Impact

Dealership operations disrupted across North America due to CDK Global supply chain attack; Lithia's own systems not compromised; impact scope not fully determined at filing → score 2.

Insurance · Not disclosed

Filing makes no mention of insurance → null.

Original SEC filing excerpt

Item 8.01. Other Events

On June 19, 2024, Lithia Motors, Inc. (the Company) received notice from CDK Global (CDK), a third-party provider of certain information systems used by the Company, that CDK had suspended systems used by the Company in response to a cybersecurity incident impacting CDK. In response, the Company activated its cyber incident response procedures, which included taking precautionary containment steps and severing business service connections between the Company's systems and CDK's. As a result, the Company experienced disruptions in North America to its CDK hosted dealer management system, which supports dealership operations including those supporting sales, its customer relationship management system, inventory and accounting functions. To date, the Company has not identified any compromise or unauthorized access of its systems or networks. The Company, whose dealerships continue to operate, has implemented mitigation plans to minimize disruptions and continue serving its customers.