Cyber Incident Victim: 株式会社近鉄エクスプレス

OnApril 23, 2025, Kintetsu World Express announced that an ongoing server failure had been determined to result from unauthorized access by a third party using ransomware. The company stated that its system had not yet recovered and that part of its operations continued to be affected. The first customer notice of a service disruption was issued at 12:00 p.m. on April 23, indicating that some customers were experiencing impacts and that IT teams were actively investigating the issue as a top priority. By that time the matter had been escalated to the Chief Information Officer and all appropriate resources had been mobilized. Subsequent updates on April 24, 25, 26 and 27 repeated that IT teams continued to investigate, that work to restore service was underway, and that updates would be posted on the website. The April 24 notice at 5:00 p.m. added that email communication was proceeding as usual, while the other notices noted that operations remained available in certain countries and regions.

In response to the incident, Kintetsu World Express established an Emergency Response Headquarters to oversee the investigation and recovery efforts. The company conducted a forensic investigation with the assistance of external professionals and consulted with and reported the matter to the Japanese police. It emphasized that restoration of the affected system to normal operation was ongoing but would take some time, and it committed to providing status updates on both the restoration work and the investigation results. The company also apologized to customers, business partners and other affected parties for any inconvenience caused by the disruption. Throughout the period from April 23 to April 27, the notices consistently advised customers with questions or urgent requests to contact the company’s representatives and customer service for assistance.