Crown Equipment Corporation
Data Security Breach/Incident Response

Last updated: August 9, 2024 

Crown Equipment Corporation (“Crown,” the “company,” or “we”) understands the importance of protecting personal data and retaining the trust of customers and employees. Unfortunately, Crown was the victim of a cyberattack, and certain sensitive personal data within the company’s custody and control was compromised. However, federal law enforcement agencies and cybersecurity experts initiated targeted operations to protect Crown, its employees and its data. Because of these initiatives, we have a high degree of confidence that any Crown data and personal data associated with this incident will not, and cannot be, used for malicious purposes. 

What Happened? 

On June 9, 2024, Crown discovered that a third party gained unauthorized access to its information technology environment. The company immediately deployed its own security measures to contain and mitigate the threat and also retained an external incident response team to help accelerate recovery efforts. Fortunately, Crown was able to contain the threat and return to a normal state of business operations in a relatively timely manner. Crown proactively notified the Federal Bureau of Investigation (FBI) of this incident and is assisting with its investigation. 

What Personal Data Was Impacted?

As part of its internal investigation into this cybersecurity incident, Crown identified that an unauthorized third party gained access to certain Crown records, such as employees’ participation in the company’s benefits and retirement programs and accident and injury reports. These records contained sensitive personal data on company employees and, in some limited circumstances, their family members (e.g., beneficiaries, dependents). 

What You Can Do/Credit Monitoring Services

There is no indication that any sensitive personal data involved in this cybersecurity incident has been misused, and as noted above, Crown has high confidence that such personal data will not, and cannot, be misused in the future. However, Crown recognizes that cybersecurity is a significant concern in today’s world, and we know that some of our employees and their families have been impacted by other cyberattacks impacting schools, hospitals, and other businesses. Although we are confident that personal data cannot be misused because of the cybersecurity incident that impacted Crown, we are offering certain individuals  potentially impacted by this incident with complimentary credit monitoring and identity theft protection services as an additional proactive risk mitigation option.

  • If you are a current employee of Crown, you will receive a separate letter in the mail about this incident and the services available to you.
  • If you are a former employee of Crown, or an immediate family member of a former employee of Crown, please inquire (via the phone number provided in the “For More Information / FAQ” paragraph below) as to whether your personal data was subject to this incident and whether you are eligible to enroll in complimentary credit monitoring services.


Suppliers and Customers

Crown generally does not retain sensitive personal data on our customers, clients, or suppliers, and therefore such personal data was likely not impacted in this incident. However, if you have concerns that your personal data was impacted by this incident, please inquire (via the phone number provided in the “For More Information / FAQ” paragraph below) and we will respond to your questions and concerns as soon as possible. 

For More Information / Frequently Asked Questions (FAQ)

Crown has established a dedicated call center to answer questions you may have about this incident, which you can reach at 1-833-531-1952, Monday – Friday, 9:00 am to 9:00 pm (EST).

Please see our FAQ and Additional Data Security Information documents for more information on resources potentially available to you.

© 2024 Crown Equipment Corporation