Cyber Incident Victim: Nihon Kotsu
Date:
Jul 2026
Location:
Japan
Summary
Nihon Kotsu, Japan's largest taxi operator, disclosed that intruders gained unauthorized access to its internal systems, infecting them with malware and forcing a shutdown of key booking and dispatch functions. The company’s phone‑based taxi dispatch service, its Hire Web ordering and reservation platform, and parts of its internal networks were taken offline, while the separately operated GO taxi app continued to work normally. As a result, the labor taxi service for pregnant women was suspended across several cities in the Kanto and Kansai regions. After detecting the intrusion, staff disconnected affected systems to limit damage and engaged external cybersecurity specialists to investigate the scope, trace the origin, and support restoration. No confirmed data leak has been reported, though the company continues to examine that possibility and has warned customers to be wary of suspicious messages purporting to come from it. No threat actor has been identified or claimed responsibility.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 11, 2026, in the early hours, unauthorized external access to Nihon Kotsu’s internal systems was gained, resulting in malware infection. The intrusion was detected shortly thereafter, prompting the company to isolate affected systems to limit further damage. As a result, the phone‑based taxi dispatch service, the Hire Web ordering and reservation management platform, and portions of the internal network were taken offline. Nihon Kotsu operates roughly 9,000 taxis and hire vehicles, primarily in Tokyo’s special wards and the neighboring cities of Musashino and Mitaka, with additional coverage in the Kanto and Kansai regions through affiliated firms. The company employs 18,228 staff, maintains a taxi fleet of 8,558 vehicles and a chauffeur fleet exceeding 2,000 vehicles, and generates about $1 billion in annual revenue.

The disruption left customers unable to book rides through Nihon Kotsu’s own phone and web channels, while the separately operated GO taxi app continued to function normally and was recommended for use under the Nihon Kotsu listing. In addition, the company’s specialized “labor taxi” service for pregnant women nearing childbirth was suspended across Tokyo, Musashino, Mitaka, Tachikawa, Yokohama and Saitama. Nihon Kotsu issued a statement confirming that internal systems had been subjected to unauthorized external access and malware infection, and noted that emergency measures, including system disconnection, had been implemented immediately after detection. The company also stated that no data leak had been confirmed at that time, though it continued to examine the possibility.
To investigate the incident, Nihon Kotsu engaged external cybersecurity specialists to determine the scope of the intrusion, trace its origin and assist with restoring affected systems. The company pledged to provide further public updates and direct notices to customers should new findings emerge. As of the latest update, no hacking group or extortion operation had claimed responsibility for the attack, and no specific threat actor had been identified.
