Sonic Automotive reports $30M loss from CDK cyberattack in SEC filing
By onAnnouncements
Sonic Automotive, one of the nation’s largest auto dealerships, is estimating losses of about $30 million following a ransomware attack on CDK last month.
The company reported the losses in an 8-K filing with the U.S. Securities and Exchange Commission Monday.
A press release issued the same day states Sonic Automotive spent $11.6 million in excess compensation expenses related to the CDK outage. It says the company experienced “operational challenges” because of the outage for about the last 12 days of the second quarter.
“As of today, Sonic’s access to the information systems provided by CDK has been restored, however, we experienced operational disruptions throughout July related to the functionality of certain CDK customer lead applications, inventory management applications, and related third-party application integrations with CDK,” the release says. “As a result of the business disruption caused by the CDK outage, we estimate our second quarter GAAP income before taxes was negatively impacted by approximately $30 million, or $0.64 in diluted earnings per share.”
AutoNation reported a $42.8 million one-time cost associated with the CDK outage in financial records released last week. It said the cost principally consisted of compensation paid to commission-based associates to ensure business continuity. It also reported reduced earnings per share by an estimated $1.55.
Asbury Automotive Group reported last week that the CDK attack negatively impacted earnings by share by between $0.95 and $1.15. The company did not disclose what financial losses it could have from the attack.
“Estimated impacts included both internal projections of lost or deferred income and one-time expenses related to the outage and recovery,” a press release from Asbury Automotive Group said.
CDK has promised financial relief to more than 15,000 dealerships impacted by the attack, according to CBT Global.
Media has reported the company likely paid a $25 million ransom to Eastern European hacking group BlackSuit following the attack that caused systems first to shut down on June 19.
The system remained offline for nearly two weeks, with most systems restored by late July 3 and early July 4.
A series of class action lawsuits have been filed by dealerships and collision centers following the cyberattack.
Smith Collision Center and Broadway Precision Collision, both located in Ada, Oklahoma, join plaintiffs Manderbach Ford, located in Hamburg, Pennsylvania, and DLR Auto Group, located in Agoura Hills, California, in a class action suit filed in the Northern District of Illinois Eastern Division court July 12.
Jay Kay Collision Center has also filed suit in the same court June 25.
Images
Photo courtesy of BalkansCat/iStock