Nihon Kotsu, Japan's largest taxi operator, shuts down systems after malware attack disrupts dispatch
Nihon Kotsu, Japan's largest taxi operator, disclosed that a malware infection had forced it to take core systems offline, knocking out its telephone dispatch, web booking and reservation services while it investigates whether any data was stolen.
- Victim
- Nihon Kotsu
On 13 July 2026, Nihon Kotsu β Japan's largest taxi operator, headquartered in Tokyo β confirmed that its internal systems had been subjected to unauthorised external access in the form of a malware infection, forcing the company to pull core services offline. The intrusion was detected in the early hours of Saturday 11 July 2026, and Nihon Kotsu said it immediately implemented emergency measures, including disconnecting affected systems to prevent the incident from spreading further.
The disruption knocked out much of the operator's customer-facing technology. Car hire, web booking, reservation management, the telephone dispatch service and some internal systems all remained unavailable in the days after the attack. The outage also suspended Nihon Kotsu's "labor taxi" service β a booking option used by pregnant women close to giving birth β across Tokyo and surrounding areas including Musashino, Mitaka, Tachikawa, Yokohama and Saitama, underscoring how an IT compromise at a transport provider can carry real-world consequences for riders who depend on it.
Investigation and attribution
Nihon Kotsu engaged external cybersecurity experts to assist with the investigation and system recovery and said it was examining the possibility that data had been leaked. As of its disclosure, the company had not confirmed any data theft, but it pledged to keep affected parties informed through official announcements and individual notices if new information came to light. No ransomware group or extortion gang had claimed responsibility for the attack, and the type of malware involved had not been publicly identified.
With core systems still offline and the data-exposure question unresolved, the incident remained ongoing at the time of disclosure, and Nihon Kotsu continued to work toward restoring normal service.
Timeline
Nihon Kotsu detects unauthorised external access in the early hours of Saturday and disconnects systems as an emergency containment measure.
The company publicly confirms a malware infection, says core dispatch and booking systems remain offline, and opens an investigation into possible data theft.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/japans-largest-taxi-operator-shuts-systems-after-cyberattack/
- technadu.comhttps://www.technadu.com/nihon-kotsu-confirms-malware-infection-taxi-dispatch-systems-disrupted/630850/