Crown Equipment Corporation, a leading manufacturer of industrial forklifts, has disclosed a data breach resulting from a cybersecurity incident in June 2024.
This breach potentially exposed sensitive personal data of employees and their family members. The company has initiated multiple security measures and is offering credit monitoring services to affected individuals.
The breach was discovered on June 9, 2024, when Crown detected unauthorized access to certain areas of its IT environment. Despite the swift implementation of containment measures, including taking affected systems offline and engaging a cybersecurity incident response team, Crown confirmed that sensitive employee data had been accessed.
While the company expresses confidence in the notifications it sent to impacted individuals that the compromised data cannot be misused, it acknowledged the potential exposure of personal information such as Social Security numbers, driver's license numbers, financial account details, and health information.
Crown Equipment Corporation, headquartered in New Bremen, Ohio, is the fifth-largest global manufacturer of forklift trucks, with over 19,600 employees and $5.18 billion in revenue as of 2023. The company operates globally, with manufacturing, distribution, and sales facilities in the United States, Europe, and Asia. Known for its innovative material handling solutions, Crown plays a significant role in industries that require efficient transportation of goods within warehouses and distribution centers.
In response to the breach, Crown has taken several steps to mitigate risks and protect its stakeholders. The company enlisted third-party IT security consultants to evaluate and enhance its existing security infrastructure. Additionally, federal law enforcement agencies were notified, and cybersecurity partners were involved to ensure that the stolen data cannot be exploited by the attackers or any other malicious entities.
The compromised data was primarily found in files related to Crown's Human Resources department. Although the main HR database was not accessed, the breach affected records containing “census data” used for employee benefits programs. This data also included information on workplace injuries and other administrative records.
To support those potentially affected by the breach, Crown is offering complimentary credit monitoring and identity theft protection services through Cyberscout, a subsidiary of TransUnion. Affected individuals are encouraged to enroll in these services within 90 days to benefit from 24-month coverage, which includes alerts for changes to their credit files and proactive fraud assistance.
Crown's senior leadership has expressed regret over the incident and reassured employees and their families that the company is taking all necessary steps to prevent future breaches. The company has also established a dedicated call center to address any concerns or questions related to the incident.
While Crown maintains confidence in the security measures taken post-breach, they advise all affected individuals to remain vigilant by regularly reviewing account statements and credit reports for any unauthorized activity. The company provided detailed instructions on how to obtain free credit reports and how to place fraud alerts or security freezes on credit files as an added precaution.
New ‘AndroCon’ Attack Exploits GPS Signal Metadata to Breach User Privacy
Leave a Reply