Update: July 1, 2024:
Crown has resumed operations following the cyberattack. Originally disclosed on June 19 that they had fallen victim to a cyberattack from an international cybercriminal organization. John Tate, senior vice president at Crown, noted that thanks to security measures in place and prompt action taken by IT staff as well as assistance provided by some of the world’s foremost cybersecurity experts they were quickly able to address and contain the situation.
Crown’s retail sales and service operations as well as office functions that had continued during its production pause have returned to normal operations, and Crown has extended its thanks for all their employees, customers, and suppliers’ assistance in helping resolve this matter.
Crown is currently working with federal law enforcement to conduct further investigation of this incident and has pledged to utilize insights gained through this experience to evolve its cybersecurity program and enhance prevention and mitigation efforts.
Key Takeaways
- Crown Equipment Corporation, a major forklift manufacturer, faces a suspected cyberattack and global IT outage.
- Production plants have been shut down, and employees report unpaid due to IT issues.
- While the company remains tight-lipped, employees and online discussions suggest a potential ransomware attack.
- The lack of official communication has fueled speculation and criticism of Crown’s incident handling.
- The situation highlights the importance of cybersecurity preparedness and transparent communication during data breaches or cyberattacks.
Crown Equipment Corporation, one of the world’s premier suppliers of forklift trucks and industrial equipment, was recently hit with an apparent cyberattack. This prompted global IT outages that forced production plants worldwide to close while leaving employees without access to essential systems.
About Crown Equipment Corporation
Crown Equipment Corporation of New Bremen, Ohio in the United States is one of the fifth-largest manufacturers of forklift trucks, industrial trucks and high-rack conveyors worldwide.
Crown operates regional headquarters in Australia, China, Germany, and Singapore, with its European headquarters based in Feldkirchen near Munich. Crown also maintains a production facility in Roding, Bavaria, Germany.
Worldwide IT Systems Down and Production Halted
Since Monday, June 10, 2024, production at Crown’s sites in Roding, Germany, has been at a standstill due to a reported IT system outage.
The company’s websites (crown.com) are inaccessible, with attempts to visit resulting in an error message stating “crown.com is temporarily unavailable.” Additionally, the company’s phone lines appear to be down, making it challenging to reach them.
Suspicions of a Cyberattack and Ransomware Involvement
While Crown Equipment Corporation’s management remains tight-lipped about the situation, employee reports and online discussions suggest a potential cyberattack, possibly involving ransomware. Employees have taken to social media platforms like Twitter and Reddit to express their frustrations, claiming they have not been paid due to the IT issues
One Twitter user, allegedly a Crown employee, stated, “thanks for letting your servers be hacked and not paying your employees. It’s not like we have bills or anything. I thought I worked for a better company.” Another tweet from a purported employee read, “Hey Jon, I work for Crown Equipment, a billion-dollar company with 19,000 plus employees. We were hit with a cyberattack and are currently not working. Now they tell us no pay! This after bragging about being an employee-first company, have to love corporate America.”
A Reddit thread was started to discuss the hack:
Crown Lift Trucks experiencing phishing hack. Company told staff to stay home for "further updates" and told them to seek unemployment while systems are offline.
byu/williams2242 inLinusTechTips
Lack of Official Communication and Speculation
Crown Equipment Corporation has yet to issue an official statement about the nature or extent of this incident, leading to much speculation and rumor among cybersecurity communities and employees alike.
Reports indicate that the company advised employees not to delete data from their tablets, and implemented additional security measures, including shortening multi-factor authentication timeout periods and restricting access to Office 365 apps such as email, Teams, SharePoint, and OneDrive for company devices only.
>Handling of the Incident Criticized
The way Crown Equipment Corporation has handled this incident has drawn criticism from cybersecurity experts and observers. The lack of transparency and clear communication has left customers and employees in the dark, leading to widespread speculation and concerns about the potential data breach and its implications.