Nihon Kotsu, Japan’s largest taxi and chauffeur hire operator by group revenue, has confirmed that a cyberattack compromised its internal systems, prompting the company to shut down parts of its infrastructure. The intrusion occurred early Saturday morning and continues to affect operations days later.
The company, which generates roughly $1 billion (155 billion yen) in annual revenue and employs 18,228 people across a fleet of 8,558 taxis and more than two thousand chauffeur vehicles, said it detected “unauthorized external access” consistent with a malware infection. In response, Nihon Kotsu disconnected affected systems as an emergency containment measure.
Services still down
As of this reporting, the company’s taxi dispatch system, car hire service, web booking platform, reservation management, and telephone dispatch remain unavailable. Some internal systems are also offline. Nihon Kotsu is directing customers to use the third-party ‘GO’ taxi app or to book rides directly at taxi stands while recovery continues.
The disruption has also hit a specialized “labor taxi” service used by pregnant women near delivery dates. That service is currently suspended in Tokyo, Musashino City, Mitaka City, Tachikawa, Yokohama, and Saitama.
Data leak investigation ongoing
Nihon Kotsu has engaged external cybersecurity experts to assist with the investigation and system restoration. The company says it is actively examining whether customer or internal data was exfiltrated during the attack, though no leak has been confirmed at this stage. It has pledged to issue updates and, if necessary, individual notifications should new details emerge.
The company is also warning customers to be cautious of phishing attempts that may exploit the incident, advising against opening attachments or clicking links in messages claiming to be from Nihon Kotsu.
No ransomware group or extortion gang has publicly claimed responsibility for the attack as of this writing. The incident underscores the operational risk transportation and logistics providers face when core dispatch and booking infrastructure is tightly coupled to internal networks vulnerable to malware compromise.
