Group 1 Automotive Provides Statement on CDK Cybersecurity Incident
Group 1 Automotive (NYSE: GPI) announced a disruption in its U.S. operations due to a cybersecurity incident experienced by third-party software provider CDK Global. The company activated its cyber response procedures and isolated its systems from CDK's platform. Despite the outage, all U.S. dealerships continue operations using alternative processes, while U.K. dealerships remain unaffected. CDK expects dealer management systems to be restored within days, but the timeline for other applications is unclear. Group 1 is closely monitoring the situation and will take further action if necessary. The company emphasizes its commitment to customer experience and thanks all stakeholders for their patience.
- All U.S. dealerships continue to operate using alternative processes.
- U.K. dealerships remain unaffected by the CDK service outage.
- Cybersecurity incident disrupted Group 1's U.S. operations.
- Unclear timeline for restoration of some CDK applications.
Insights
The incident involving CDK Global LLC, a third-party software provider, underscores the vulnerability of supply chain cybersecurity in the automotive retail sector. Group 1 Automotive's quick activation of cyber incident response procedures highlights the importance of having robust contingency plans. This scenario reveals a critical dependency on external IT service providers, which can significantly disrupt operations when breached. The decision to rely on alternative processes while maintaining customer service indicates operational resilience. However, prolonged disruption, even if limited to a few days, could affect revenue and customer satisfaction. Investors should consider the potential reputational risk and the costs associated with managing the fallout of this incident.
From a financial perspective, the immediate impact of the CDK incident on Group 1's U.S. operations is uncertain. The company's ability to continue business using alternative methods suggests that the top-line impact might be mitigated in the short term. However, the lack of clarity on the timeline for restoring all affected applications leaves room for potential revenue dips if the issue extends. Investors should monitor subsequent earnings reports for any noted financial impacts. The situation also raises concerns about future IT investments and possible increased spending on cybersecurity measures, which could affect the company's cost structure.
In response, the Company immediately activated its cyber incident response procedures and proactively took measures to protect and isolate its systems from CDK's platform. Despite the CDK service outage, all Group 1 U.S. dealerships continue to conduct business using alternative processes until CDK's dealers' systems are available. The Company's dealerships in the
CDK has advised that it anticipates the restoration of the dealer management system will require several days and not weeks. The timing of the restoration of other impacted CDK applications remains unclear at this time. Group 1's ability to determine the material impact, if any, of the CDK incident and the resulting service outage, will ultimately depend on a number of factors, including when, and to what extent, the Company resumes its access to CDK's dealers' systems. Group 1 is closely monitoring this situation and will take additional action if determined necessary.
"Our associates are coming together with an unwavering focus on delivering the best possible customer experience. Their efforts have been nothing short of exemplary. We'd like to thank our team, our customers, and our partners for their patience as we navigate this outage," said Daryl Kenningham, Group 1's President and Chief Executive Officer.
ABOUT GROUP 1 AUTOMOTIVE, INC.
Group 1 owns and operates 202 automotive dealerships, 264 franchises, and 42 collision centers in
Group 1 discloses additional information about the Company, its business, and its results of operations at www.group1corp.com, www.group1auto.com, www.group1collision.com, www.acceleride.com, www.facebook.com/group1auto, and www.twitter.com/group1auto.
FORWARD-LOOKING STATEMENTS
This press release contains "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995, which are statements related to future, not past, events and are based on our current expectations and assumptions regarding our business, the economy and other future conditions. These statements address Group 1's expectations or beliefs regarding future events, actions or performance, including the impact of the CDK cybersecurity incident on Group 1, including its financial condition and results of operations. Factors that could affect future developments and performance include access to the CDK platform, and CDK's ability to contain and remediate the cybersecurity incident and other risk and factors contained in the documents that Group 1 has filed with the Securities and Exchange Commission.
Investor contacts:
Terry Bratton
Manager, Investor Relations
Group 1 Automotive, Inc.
ir@group1auto.com
Media contacts:
Pete DeLongchamps
Senior Vice President, Manufacturer Relations, Financial Services and Public Affairs
Group 1 Automotive, Inc.
pdelongchamps@group1auto.com
or
Clint Woods
Pierpont Communications, Inc.
713-627-2223
cwoods@piercom.com
View original content:https://www.prnewswire.com/news-releases/group-1-automotive-provides-statement-on-cdk-cybersecurity-incident-302179875.html
SOURCE Group 1 Automotive, Inc.
FAQ
What recent incident affected Group 1 Automotive's U.S. operations?
Are Group 1 Automotive's U.K. dealerships affected by the CDK cybersecurity incident?
How is Group 1 Automotive handling the CDK service outage?
When will the CDK dealer management systems be restored?
What measures has Group 1 Automotive taken in response to the CDK incident?
