Crown Equipment confirms cyber attack disrupted manufacturing
4 mins read

Crown Equipment confirms cyber attack disrupted manufacturing

Crown Equipment confirms cyber attack disrupted manufacturing
Image: DigitalIceAge

Forklift manufacturer Crown Equipment today confirmed it suffered a cyberattack earlier this month that disrupted manufacturing at its factories.

Crown is one of the world’s largest forklift manufacturers, employing 19,600 people and owning 24 manufacturing plants in 14 locations worldwide.

Since around June 8, Crown employees have reported that the company was breached and all computer systems were shut down. Employees have been told not to accept MFA requests and to be wary of phishing emails.

With computer systems down, employees have been unable to clock their hours, access service manuals and, we are told, deliver machines in some cases.

In an email sent to employees yesterday and seen by BleepingComputer, Crown finally confirmed that it had suffered a cyberattack from an “international cybercriminal organization.”

Part of this email is shared below:

“We know that the evolving situation with the disruption to our IT operations has created many additional questions.

Today we can confirm that Crown’s IT system was hacked by an international cybercriminal organization which forced us to shut down our operating systems so that we could investigate and resolve the issue.

Although we always want to communicate as quickly as possible, in this situation it was important that we did not provide hackers with information they could use against us.

We determined that many of the security measures put in place by the Crown were effective in limiting the amount of data that criminals could access. We also learned that the hackers broke into our system because an employee violated our data security policies by allowing unauthorized access to their device.

We work with some of the world’s leading cybersecurity experts and have engaged the FBI. With the help of these experts, we continue to analyze the relevant data. So far, we have not seen any signs that our employees’ personal information has been targeted or that information to commit identity theft has been compromised. » – Crown email to employees

As BornCity first reported, the breach is believed to have occurred after an employee fell victim to a social engineering attack and allowed a malicious actor to install malware. remote access to your computer.

Employees told BleepingComputer that the most frustrating part of this incident was the lack of transparency and communication from the company.

Employees were initially told they would have to file for unemployment or use their paid time off (PTO) and vacation days if they still wanted to be paid for the days missed.

However, BleepingComputer has been informed that this has changed and employees will receive their regular pay in advance, with the option to make up lost hours.

Today, Crown publicly confirmed the cyberattack for the first time, saying its ongoing security measures played a role in limiting the effects of the attack.

“The company continues to overcome the disruption caused by the attack and is progressing towards the transition to normal business operations. Crown is also working closely with its customers to help them reduce the effect the incident may have on their operations “, read a shared statement. with BleepingComputer.

The company is slowly bringing its systems back online, although manufacturing remains disrupted.

Although Crown did not specify what type of cyberattack it suffered, they said it was caused by an “international cybercriminal organization,” meaning the company likely suffered a ransomware attack.

Unfortunately, if it was ransomware, that also means the company’s data was likely stolen in the attack and will be leaked if a ransom is not paid.

BleepingComputer asked Crown if ransomware was behind the attack, but they said no additional information was available beyond what was in today’s statement.