Breach taxonomy
Summary
Beginning June 19, 2024, Sonic Automotive experienced disruptions to its dealer management system (DMS), customer relationship management (CRM), and other sales, inventory, and accounting systems due to a ransomware attack on CDK Global, the third-party provider of these systems. Basic DMS functionality was restored by the filing date but the CRM and other systems remained offline. The incident was expected to have a material adverse impact on Sonic's Q2 2024 earnings due to slower vehicle sales during the affected period.
Tagging rationale
ThreatUnknown
Filing does not attribute the CDK Global incident to any specific threat actor; it only references a cybersecurity incident experienced by CDK → UNKNOWN.
MethodsSystem OutageSupply Chain
Systems outage resulted from CDK Global's cybersecurity incident affecting Sonic's third-party dealer management systems, making this a supply chain attack vector.
AssetsRevenue Process
Sonic's DMS, CRM, and systems supporting vehicle sales, inventory, and accounting — all core revenue-generating operations — were disrupted.
EffectsBiz Interruption
Disruption to DMS and CRM caused slower vehicle sales and a material adverse impact on Q2 2024 earnings, resulting in significant business interruption.
Business continuityFailed
Basic DMS functionality was partially restored but CRM and other critical systems remained offline at filing date with no clear restoration timeline, and material financial impact on Q2 results was disclosed → Failed.
Impact
CDK Global supply chain attack disrupted Sonic's core dealer operations for weeks causing material impact on Q2 2024 earnings due to reduced vehicle sales.
InsuranceNot disclosed
Filing makes no mention of insurance.
Read the original SEC filing excerpt
Item 1.05. Material Cybersecurity Incidents. As previously disclosed on its Current Report on Form 8-K filed on June 21, 2024, Sonic Automotive, Inc. has experienced disruptions since June 19, 2024 in its access to certain information systems provided to the Company by CDK Global due to a cybersecurity incident experienced by CDK. The affected systems include the Company's dealer management system, its customer relationship management system and other systems that support sales, inventory and accounting functions. As of the date of this filing, access to the basic functionality of the DMS has been restored. Other Affected Systems, including the CRM and certain functions of the DMS, remain offline as the Company continues to investigate and test such systems. The timing of restoration of full access to all Affected Systems remains unclear. Based on the information available to the Company on the date hereof, the Company concluded that the Incident is reasonably likely to have a material impact on the Company's results of operation for the second fiscal quarter ended June 30, 2024 due to, among other things, a slower rate of vehicle sales during the period since June 19, 2024 due to the impact of the Incident on the Affected Systems.