Japan’s largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure.
The incident occurred over the weekend, early Saturday morning, and impacted operations, including the company’s taxi dispatch system, which remains offline as of today.
Nihon Kotsu is Japan’s largest taxi and chauffeur (hire) operator by group revenue, with annual revenue of roughly $1 billion (¥155 billion).

The company employs 18,228 people and operates a fleet of 8,558 taxis and more than two thousand chauffeur vehicles.
“We have confirmed that our internal systems were subjected to unauthorized external access (malware infection),” reads Nihon Kotsu’s statement (automated translation).
“Immediately after detecting the unauthorized access, we implemented emergency measures, including disconnecting systems to prevent further damage,” added the firm at another point.
As a result of this incident, car hire, web booking, reservation management, the telephone dispatch service, and some internal systems remain unavailable, the company said.
The company suggested that people seeking its car services should use the ‘GO’ taxi app instead, or just visit a nearby taxi stand to book a Nihon Kotsu vehicle.
In a separate announcement, the firm specifies that the “labor taxi” service booked by pregnant women close to giving birth is suspended in the areas of Tokyo, Musashino City, Mitaka City, Tachikawa, Yokohama, and Saitama.
The firm states that it has engaged external cybersecurity experts to help with the investigation and system recovery and is currently looking into the possibility of data having been leaked.
At this point in the investigation, no such data leak has been confirmed, but Nihon Kotsu is considering this possibility and has promised to provide updates through official announcements and personalized notices if new information emerges.
Meanwhile, customers of Nihon Kotsu are advised not to open attachments received via suspicious communications claiming to originate from the company, and to avoid clicking any links in those messages.
At the time of writing, no ransomware groups or extortion gangs have assumed responsibility for the attack.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Get the whitepaper

