Crown Equipment Corporation has confirmed that the multi-week operations disruption resulted from a cyber attack by an international cybercrime group.
“Today, we can confirm that Crown’s IT system was hacked by an international cybercriminal organization which required us to shut down our operating systems so we could investigate and resolve the matter,” the company emailed its employees.
Founded in 1945, the New Bremen, Ohio-based Crown Equipment employs over 19,000 people across 24 manufacturing plants in 14 locations worldwide, making it the world’s fifth-largest forklift manufacturer, with an annual revenue of $4.69 billion in 2022.
It manufactures industrial equipment such as forklift trucks, counterbalance stackers, high-rack conveyors, turret trucks, hand pallet trucks, powered pallet trucks, and rider pallet trucks.
Crown employees remained in the dark during the ongoing disruption, with speculations that the company had suffered a ransomware incident after a successful social engineering attack.
Crown Equipment cyber attack attributed to social engineering attack
An email sent to employees said that Crown withheld crucial information about the June 8 cyber attack to avoid tipping off the threat actors. Crown attributed the cyber attack to an social engineering attack, stating that its internal security measures worked correctly to prevent the incident.
However, an employee violated the company’s data security policies by allowing unauthorized access to their computer. German security blogger BornCity reported that the employee fell for a social engineering scam, allowing the threat actor to install remote access software. Crown never explained the employee’s intention, but human nature remains the weakest link in any organization’s cybersecurity strategy.
“The recent cyberattack on forklift manufacturer Crown Equipment highlights the critical need for comprehensive zero-trust solutions that extend beyond the corporate network to include edge devices, such as mobile phones and personal devices,” remarked Ted Miracco, CEO, Approov. “This incident underscores the vulnerability of edge devices, which are often more susceptible to social attacks like phishing.”
Employees took to social media saying they could not clock in and decrying the lack of transparency. Later, the company allegedly told employees to stay home until further updates and requested them to apply for unemployment benefits to cover their loss of income during the recovery period. Nevertheless, employees will reportedly receive their pay in advance and make up for lost hours after the company restores its systems.
Investigation of cyber attack ongoing
Meanwhile, Crown said it was analyzing the incident to determine the nature of the information affected. The forklift manufacturer enlisted the services of a leading cybersecurity firm and a federal law enforcement agency.
Crown has ruled out the possibility that the cyber attack targeted its employees’ personal information and has no evidence that the stolen data was used for identity theft.
So far, the industrial forklift manufacturer has not disclosed the nature of the cyber attack, which is likely to be a ransomware incident, given that it involved an “international cybercriminal organization,” whose identity remains undisclosed.
Similarly, Crown has not confirmed receiving any ransom demands, which are likely to be a substantial amount, given the company’s profile and the impact of the apparent ransomware attack.
Although Crown has no ETA, it said it was closely working with its business partners to resolve the cyber attack and resume normal operations.
“The company is still working through the disruption caused by the attack and is making progress toward transitioning to normal business operations. Crown is also working closely with its customers to help reduce the effect the incident may have on their operations,” said Crown.
