Breach taxonomy
Summary
Beginning June 19, 2024, Sonic Automotive experienced disruptions to its dealer management system (DMS), customer relationship management (CRM), and other sales, inventory, and accounting systems due to a ransomware attack on CDK Global, the third-party provider of these systems. Basic DMS functionality was restored by the filing date but the CRM and other systems remained offline. The incident was expected to have a material adverse impact on Sonic's Q2 2024 earnings due to slower vehicle sales during the affected period.
Tagging rationale
ThreatUnknown
Filing does not attribute the CDK Global incident to any specific threat actor; it only references a cybersecurity incident experienced by CDK → UNKNOWN.
MethodsSystem OutageSupply Chain
Systems outage resulted from CDK Global's cybersecurity incident affecting Sonic's third-party dealer management systems, making this a supply chain attack vector.