One Crown voice mail shared with employees on Sunday, June 9 said: “Crown is currently experiencing a disruption to our IT operations. As a result, our manufacturing operations throughout the New Bremen areas, Green Castle … and New Castle will be suspended until first shift Tuesday June 11,” said a Dayton Daily News report.
Message to Employees
Another message sent to employees on Tuesday, June 11, said the company was making progress on the IT front, but wasn’t ready to begin manufacturing in Troy, the ‘New Bremen areas,’ Celina, Minster, New Knoxville, Fort Loramie and other sites until first shift on Monday, June 17.”
Some manufacturing area “alternate work activities” in some areas were continuing the message said. “Those employees have already been notified.”
“Office employees at these locations should not report to their respective offices due to system access issues unless otherwise directed by their manager. Those who are able to work from home should do so,” that message also said.
It remains unclear how many manufacturing sites resumed operations.
Crown makes lift trucks and material handling equipment. Those products are in-demand in the world of e-commerce, where almost anything you buy gets moved by a forklift.
The company, based in New Breman, in Auglaize County, Ohio had 5,000 employees in the state and was one of the state’s Top 70 employers before the COVID-19 pandemic. Its workforce at that time had grown by 50 percent in the previous five years.
The company has nine manufacturing sites in the immediate area around New Bremen, where they have five plants.
And the company remains family-owned, even as it brings in more than $3 billion in annual revenue, according to one industry estimate in 2019.
In an email sent to employees June 19, Crown confirmed they suffered a cyberattack by an “international cybercriminal organization:”
Email from Employer
“We know that the evolving situation with the disruption in our IT operations has created many additional questions.
“Today, we can confirm that Crown’s IT system was hacked by an international cybercriminal organization which required us to shut down our operating systems so we could investigate and resolve the matter.
“While we always want to communicate as timely as possible, in this situation it has been important that we do not provide the hackers information they could use against us.
“We determined that many of the security measures Crown had in place were effective in limiting the amount of data the criminals were able to access. We also learned that the hackers gained entry into our system because an employee failed to adhere to our data security policies by allowing unauthorized access to their device.”
As first reported by BornCity, and as Crown alluded to, the incident started after an employee fell for a social engineering attack which allowed an attacker to install remote access software on their computer.