Japan's largest taxi operator shuts systems after cyberattack
Nihon Kotsu, Japan's largest taxi operator, shut down systems after a cyberattack involving malware infection.
Summary
Japan's largest taxi operator, Nihon Kotsu, has shut down parts of its infrastructure following a cyberattack that infected its internal systems with malware. The incident, which occurred over the weekend, has disrupted services including taxi dispatch, car hire, and reservation management. The company is working with external cybersecurity experts to investigate and recover systems, and is assessing the possibility of data leakage, though none has been confirmed yet.
Full text
Japan's largest taxi operator shuts systems after cyberattack By Bill Toulas July 13, 2026 04:18 PM 0 Japan's largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure. The incident occurred over the weekend, early Saturday morning, and impacted operations, including the company's taxi dispatch system, which remains offline as of today. Nihon Kotsu is Japan's largest taxi and chauffeur (hire) operator by group revenue, with annual revenue of roughly $1 billion (¥155 billion). The company employs 18,228 people and operates a fleet of 8,558 taxis and more than two thousand chauffeur vehicles. “We have confirmed that our internal systems were subjected to unauthorized external access (malware infection),” reads Nihon Kotsu’s statement (automated translation). “Immediately after detecting the unauthorized access, we implemented emergency measures, including disconnecting systems to prevent further damage,” added the firm at another point. As a result of this incident, car hire, web booking, reservation management, the telephone dispatch service, and some internal systems remain unavailable, the company said. The company suggested that people seeking its car services should use the ‘GO’ taxi app instead, or just visit a nearby taxi stand to book a Nihon Kotsu vehicle. In a separate announcement, the firm specifies that the “labor taxi” service booked by pregnant women close to giving birth is suspended in the areas of Tokyo, Musashino City, Mitaka City, Tachikawa, Yokohama, and Saitama. The firm states that it has engaged external cybersecurity experts to help with the investigation and system recovery and is currently looking into the possibility of data having been leaked. At this point in the investigation, no such data leak has been confirmed, but Nihon Kotsu is considering this possibility and has promised to provide updates through official announcements and personalized notices if new information emerges. Meanwhile, customers of Nihon Kotsu are advised not to open attachments received via suspicious communications claiming to originate from the company, and to avoid clicking any links in those messages. At the time of writing, no ransomware groups or extortion gangs have assumed responsibility for the attack. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper Related Articles: New CrashStealer malware poses as Apple crash reporting toolMalicious 7-Zip site distributes installer laced with proxy toolRedHook Android malware now uses Wireless ADB for shell access'Ghostcommit' hides prompt injection in images to fool AI agents, steal secretsUkraine's army targeted in new charity-themed malware campaign
Indicators of Compromise
- malware — malware infection