Skip to content
feed: live
>_ 0dayNews
threat intel
● Breaking

Nihon Kotsu cyberattack takes Japan taxi dispatch offline

Japan's largest taxi operator says a July 12 malware intrusion knocked dispatch, web booking, and labor-taxi services offline. No group has claimed.

Nihon Kotsu cyberattack takes Japan taxi dispatch offline
Photo: Comyu / Wikimedia Commons · CC BY-SA 3.0
airgap airgap · Published · 2 min read

Confirmed: Nihon Kotsu, Japan’s largest taxi operator, disclosed on July 13, 2026 that its internal systems were compromised by malware early Saturday, July 12. Car hire, web booking, reservation management, telephone dispatch, and some internal systems remain unavailable as of the disclosure. Confidence: high, BleepingComputer reporting on the company’s own notice.

What Nihon Kotsu said

Direct company language: “our internal systems were subjected to unauthorized external access (malware infection).” That is a malware framing from the operator, not a ransomware label. No ransomware group or extortion crew has claimed responsibility as of publish time. Confidence: as-quoted.

External cybersecurity experts have been engaged for investigation and recovery. No restoration timeline was given.

What’s down right now

  • Car hire — offline.
  • Web booking — offline.
  • Reservation management — offline.
  • Telephone dispatch — offline. This is the phone line most Tokyo customers use.
  • Some internal systems — offline, not itemized.
  • “Labor taxi” — the pre-booked ride service for pregnant women — suspended across Tokyo, Yokohama, and Saitama.

Confidence on the outage list: as-reported by the company, not independently verified.

Data exposure — not confirmed, not ruled out

Nihon Kotsu is “looking into the possibility of data having been leaked” and states “no such data leak has been confirmed.” That is the same language pattern we saw in this week’s Lidl online-shop disclosure — a confirmed intrusion, an open exfil question, no numbers. Treat accordingly: worst case remains live until the company or its incident-response firm updates.

Scale

Nihon Kotsu operates 8,558 taxis and more than 2,000 chauffeur vehicles, employs 18,228 people, and reports roughly $1 billion in annual revenue. It is the country’s largest taxi operator. Confidence: as-reported by BleepingComputer.

Timeline

  • Early Saturday, July 12, 2026 — malware infection observed on internal systems. Confidence: as-reported by Nihon Kotsu.
  • July 13, 2026 — public disclosure; dispatch, booking, reservation management, and labor-taxi service still down. Confidence: confirmed.
  • Unknown — restoration date, root-cause vector, exfil status, threat-actor identity.

What we don’t know

  • Initial access vector. Not stated.
  • Ransomware family or extortion group. None named; none has claimed.
  • Whether payment or ride-history data left the network.
  • Whether the outage extends beyond the services Nihon Kotsu listed.
  • Restoration date.

We won’t file any of these as fact until Nihon Kotsu, its IR firm, or Japanese law enforcement puts a name on them.

Pattern check

Second confirmed Japanese-enterprise intrusion inside a week. KDDI’s ISP breach — 12 million records via a third-party zero-day — landed July 8. Nihon Kotsu is a different shape: direct internal-network malware infection rather than a downstream-vendor compromise. Unconfirmed — treat accordingly: whether the two share any threat-actor overlap. Nothing in either disclosure supports that link.

Sources

Found this useful? Share it.