Here’s Why The Dealership Cyberattack Is A Bigger Deal Than It Seems

Cyberattacks are so common these days that it’s hard to care when you hear about another one if it doesn’t impact you directly, but the massive attack on dealerships this week is a huge deal as it could cripple thousands of dealerships on one of the biggest selling weekends of the year. And that’s to say nothing of the data concerns.

As if things weren’t already a bummer, a supplier that’s supposed to help Ford ship its NACS adapters to Mach-E and F-150 Lightning owners has hit a snag and it’s slowing everything down. That’s not as big of an issue for hybrid owners, who don’t have to plug in, and new projections show that there will be more and more of them going forward.

And finally, the R35 GT-R will soon be no more, but at least we have the memories.

We Don’t Really Know How Bad The CDK Global Cyberattack Is Going To Get

Last Friday, giant dealer back-end services company CDK Global put out a blog post underlining how important the start of the summer is to the roughly 15,000 dealers it serves.

Whether you consider summer starting on Memorial Day, the last day of school, or the official start on June 20, it starts at dealerships much sooner. Millions of families are planning their vacations, and according to experts at The Vacationer, nearly 80% of people say they’re planning a road trip this summer. Memorial Day road travel was the busiest in 20 years according to AAA.

For dealers, this presents increased opportunities for vehicle sales, service and, of course, revenue.

The issue for dealers who use CDK Global’s dealership management system (DMS) tools is that they might not be able to do sales or service right now. As previously reported, CDK Global shut down all its services on Wednesday due to a “cyber incident.” This meant that dealers, depending on how many of CDK Global’s services they use, were restricted from using any digital tools to sell cars, track sales, schedule service, and possibly even answer the phone.

CDK Global said the issue was handled quickly, but then said a second attack forced them to shut down on Wednesday night and many of their systems have been down ever since.

According to Automotive News, this is likely to continue through the weekend at least:

CDK’s shutdown threatens to disrupt thousands of new-vehicle transactions taking place each day across the North American auto retail segment right in the heart of summer sales promotions and the industry’s intense push to avoid inventory buildups on dealer lots. Moreover, the cyberattack has raised alarms about security in the DMS business after other cyberattacks have disrupted operations at casinos, financial institutions and hospitals.

Dealers are finding creative ways around this, including relying on automakers for additional help closing deals and doing everything using paper.

Why is this such a big deal? First, it’s an issue of scale. Last year the industry was worth about $1.2 trillion to the U.S. economy and this is one of the busiest weekends of the year. Almost 2 million people work for auto dealers in the United States and this is hitting about half of dealerships (plus probably more truck dealers). If hourly employees can’t work or get paid that’s going to have an impact on their lives and the economy at large, depending on how long this lasts.

Second, and scarier, is that CDK Global hasn’t, so far as I’ve seen, fully explained the scope of the attack. A car dealer generally needs a huge amount of data in order to sell a car, especially for financing a car. How much of that data is at risk?

The unknowns in this story are as scary as the knowns right now.

If You Haven’t Gotten A Ford/NACS Adapter You Might Have To Wait A Bit Longer

When Ford announced it was switching over to the Tesla/NACS charging standard it created a stampede of automakers saying they’d do the same. Earlier this year Ford started rolling out an adaptor to make its existing vehicles work on Tesla superchargers, but that’s now hit a snag.

From the Freep:

“The supply is constrained,” said Ford spokesman Marty Gunsberg. “Sales are up and customers continue to reserve their complimentary adapter. We keep getting reservations.”

Ford customers waiting for their adapter have received emails saying shipment dates are delayed.

This is not an issue of Ford underestimating demand, Gunsberg said. “We’re not overwhelmed. This is what we anticipated. While we’re shipping weekly, reservations continue to come in.”

Ford isn’t saying which supplier is slowing them down.

How Many Hybrids And EVs Will There Be In 2030?

Na Propulsion Chart

S&P Global Mobility has revised its forecast for the powertrain mix in the United States and, yup, there are projected to be a bunch of hybrids in our future. Looking at that chart above you can see EVs continuing to grow, with mild/full hybrids filling up a lot of space, as well as more range-extended EVs.

As we edge closer to 2030, BEVs and hybrids are likely to steer the future of transportation in North America. Despite more rapid electrification in other regions, North America’s production trails slightly, at just between 9% and 10% for BEVs and fuel cell vehicles. However, projections suggest a significant leap, with 44% of vehicles forecasted to be BEVs or fuel cell models by the decade’s end.

Bring back the i3? Clearly, BMW should bring back the i3.

Remembering The R35 Nissan GT-R

Nissan GT-R with Raphael Orlove.

The R35 Nissan GT-R is no more after this year, which is sad, though the car has been on sale almost the entire time I’ve been in this biz so maybe it’s the car’s time (but not mine).

Nissan reached out to a bunch of auto journalists to remember Godzilla, including MotorWeek‘s John Davis and MotorTrend‘s Frank Markus. You can read all the remembrances here. Here’s mine:

I debuted in the automotive world in 2007, right around the same time as the Nissan GT-R, though the R35 did it to far more fanfare and acclaim. It’s almost impossible to convey in words how much the R35 dominated the attention of car fans back in the early blog era. It wasn’t a car, it was the car. If we were having a slow news day, we always knew that publishing anything with a GT-R in it was a guaranteed hit.

How could it not be? The GT-R had concept car looks, stats to rival the best supercars of the day and was initially offered at a surprisingly achievable price. In spite of writing about it from the beginning, I didn’t get a chance to put real miles on one until years later. Somehow, after years of hype, the R35 Nissan GT-R managed to exceed my impossibly lofty expectations.

So long, GT-R! I can’t wait to meet the next one.

What I’m Listening To While Writing TMD

Today was going to be Janis Joplin doing “Summertime” but I’ll save that for next week, because this is what I’m actually listening to today. Bonus points if you can name the singer here.

The Big Question

When was the last time you had an interaction with a dealership? If you work for a dealer, what are the vibes?

Top photo: CDK Global

99 thoughts on “Here’s Why The Dealership Cyberattack Is A Bigger Deal Than It Seems”

  1. My sister and I went to go look at a used Yukon at a LR/RR/Jag dealer in Bellevue, it was super easy, they were extremely nice. She got her trade-in number, we left. She and her husband came back a few days later and bought it. Couldn’t have nicer things to say about it.

  3. The last time?

    Nissan dealer. They did the oil change I requested, charged me for an oil change and tire rotation. I told them they didn’t do the tire rotation and it needed to be done.

    They got the shocked and appalled face on and tried to claim I didn’t know what I was talking about – but on chatting with the tech they found out he felt it did not need to be done because the tread depth was similar.

    That was true. Tread depth was similar but there was different wear on the front and rear due to IFS and solid rear axle so I told them to do it anyway.

    40 minutes later they pull it out with the tires rotated. I squirm my way home and find out my front tires still have 80 PSI and the rears have 50 PSI, they failed to reset the TPMS (a real hassle in this van), and the lug nuts varied from 25 ft lbs to 125 ft lbs.

    I wrote the service manager and told them they’d be reimbursing the service. He agreed and I became $50 less poor again. He passive aggressively then stated that he didn’t see enough oil changes in their system for the mileage of my car and that they wouldn’t cover any engine warranty work unless I had receipts for the other oil changes.

    I will not be returning. I don’t care how much more the independent service is.

    1. he felt it did not need to be done because the tread depth was similar.

      I learned the hard way that this is not a good reason to skip tire rotations. I let them go on my Jeep because the tread depth kept being even for many tens of thousands of miles. Then at some point I realized my tire noise was terrible and took a closer look at the fronts. The shoulder blocks had all worn weirdly and were causing quite a racket. Since then I am religious about rotating tires because those tires were basically ruined with a lot of miles left in them.

  5. I have a Subaru place by home and by work – the latter gave us a better price and some freebies when we bought our most recent car. The former, which used to be great to work with, has gone “no haggle” now and stood by it even when they knew they were getting beaten by the other place (I called and gave them a chance to match).

    Service has been similar – home place takes forever, gets pissy about stuff, and suggests bs work, while the work place has finished my last two oil changes in <30 minutes each and been nothing but friendly and has lower prices on service, too.

    Crazy thing is they are now both owned by the same corporate overlord, but the experience has diverged a ton since each was bought out.

  7. The dealership I purchased my car from requires an appointment for trivial things such as oil changes. And I’ve got to book it weeks in advance.

    The other half’s former car, the dealership for it had drive-up oil changes.

    It’s just a small thing, but it reduces the chance I’d go back to that dealership for more serious service (warranty/recalls excepted) and, instead, helps me find ways to get it done by my local mechanic or myself.

    1. You know you can bring your car to any of the same-make dealer right? Some people have the mistaken assumption they have to take their car back to the dealer they bought from for service. The reality is, if you bought a Ford – take it to any Ford dealer, etc. Once you are out of warranty I’d recommend an independent shop unless you have specific issues with things like electronics.

      1. It’s actually a common behaviour from local dealers to force you to make an appointment for oil changes. As though they’ve actively discouraged a ‘drop in’ for service.

        but, yes, considering I’ve three Honda dealers “local” to me, three Nissan, three Toyota, four Ford… with only one Subaru, one Volvo, one Mercedes. I would say only two or three of the dealerships total even offer service outside of the typical 9-5.

        1. The hours are the biggest draw to use dealer service in my area. They are usually open 7-7, 7 days a week. Hell one Lexus dealer here claims to be open 365 days a year. Meanwhile the indie guy is 9-5, M-F. Certainly can’t beat that kind of availability.

  9. Second, and scarier, is that CDK Global hasn’t, so far as I’ve seen, fully explained the scope of the attack.

    They won’t do that until they are 100% certain what the scope is. From a PR perspective, they need to be correct. If they issue multiple statements as they find new problems – or worse, walk statements back because they were wrong – the fallout would be worse than if they had waited until they were sure.

    Most orgs will not make a definitive public statement until they have identified the root cause and they’re satisfied that the scope of the incident is clearly delineated. If they have an ounce of sense, they have already engaged at least one Digital Forensics & Incident Response (DFIR) firm to handle the specialized work. If they have cyber insurance, some choices were likely made for them: if they plan to file a claim against the policy, they will need to follow the insurance company’s guidance and use authorized providers (similar to how auto insurance authorizes body shops to do repairs).

    The bottom line, though – and I mean this in the nicest possible way – is that this is no scarier than any other breach. The data concerns here are the same as in many other events, primarily due to the overuse of the Social Security Number (SSN) as a unique identifier. Yes, the dealerships will be busy. You know who else was busy and got breached? Target, Home Depot, lots of hospitals/health care providers, lots of schools, and the Veterans Administration.

    The most likely outcome will be a public statement (eventually) from CDK saying “we’ve concluded the investigation and have determined that all issues have been remediated. Individuals whose data was compromised will be eligible for X months of credit monitoring from [whomever]. We take cyber security seriously, etc. etc. etc.”

  11. I’ll share my grandma’s last dealership experience because she’s a boss.

    Grandparents go to the GM dealer to look at a new Acadia. The salesman is extremely dismissive of my grandma. Won’t even look at her– only talks to my grandpa.

    So they leave and go to the Cadillac dealership down the street and immediately buy a loaded XT5. My grandma (who doesn’t drive anymore) has my grandpa drive it back over to the GM dealership. She asks the front counter to send this sales dude out, then very sweetly tells him she “just wants to show him the new car!”

  13. Last interaction was buying my wife’s car. They came out with a price that was higher than the internet price and were confused when I pulled it up on the website on my phone. They at least honored the price, but refused to negotiate any lower.

  15. My dealership interactions are almost daily as there are some parts that are dealer-only and our local Porsche, Mercedes and BMW dealers are all affected. It has definitely made things a bit slower, but I have parts resources they don’t, so it’s not too big of a deal.

  17. I think the last time I set foot on a car dealership property was stopping to charge on a weekend, so the place was closed. No people, so we just wandered around a bit, and the 3 year old played in some rocks before we continued on our way. Pretty nice experience with no one there.

  19. Most recent dealership interactions:

    • Called dealer for service on 2012 Mazda, was informed they don’t work on cars older than 10 years.
    • Went to multiple dealers with my daughter after she totaled her Fusion Hybrid. Kia was fine, Honda was fine. Nissan was a disappointment. Salesman hanging out up front chatting on his phone takes a moment to ask what I need and if I am buying today. When I say we’re looking, he waves us off telling us to find someone else and goes back to his phone conversation. Amusingly, my daughter liked the Sentra best so we ended up buying the Nissan from the salesman we were waved off to.
      1. Same happened to me when I stopped to look at a mustang conv. back in the day. Granted, I was 19, so I didn’t look like a good prospect. Low man on the pole got the sale and a couple more down the road. I had just received an insurance payout, so cash in hand.

        1. I get it, I spent 2 hours with someone only for them to walk because they thought they could get it for $100 cheaper across town. Meanwhile your co-workers are making sales. But usually you could also feel them out a bit and determine if they were just a tire kicker, instead of just not even wanting to talk to them.

            1. It can also be the dealership vibe. I remember in my 20’s going to a Lexus dealer, we were legitimately shopping for a Lexus. They just tossed us the keys, didn’t even come on the drive with us, no interrogation prior to it. Came back in, they shared some numbers, we said we would think about it…that was it. Easiest interaction with a car dealership ever. Wasn’t the right car for us though.

              Compare to going to other dealers where they like want to hold your passport and credit card while you take a test drive accompanied by the over-cologned sales guy in the back seat, prior to them trying some “BUY NOW” sales offer inside afterward.

              1. Basically had that same easy going/low pressure experience buying my wife’s almost new Crosstrek. Subaru dealership is a regional family owned one with multiple brands across town. Ended up buying an older used car for my daughter there last year, based on previous positive experience.

      1. Local Mazda dealer in Memphis straight up turned away maintenance work. Said they don’t like to deal with parts issues on older vehicles. They produced the same model through 2014; maybe I should have lied about the year and then said oops.

        I was completely caught off guard. Google informed me this is becoming more common across many car brands. I guess I get it. The computer chips, software and screens that run your car are going to be non-existent in short order and much harder to keep running versus something mechanical.

      1. It’s also a way to have almost no mechanics and several techs. If you know that you’re not going to do much more than change an occasional sensor, perform regular service, and follow manufacturer instructions, you don’t pay for expertise or experience. Staffing costs stay a lot lower.
