grid
Abstract circular gradient with concentric rings in blue, green, yellow, and red fading into black background.
5 min read

Cyberattack Hits Nihon Kotsu, Japan's Largest Taxi Operator

taxi operator cyberattack
Published on
July 15, 2026

Nihon Kotsu, Japan's largest taxi operator, has confirmed a cyberattack that knocked out its dispatch system and several booking channels. The company detected unauthorized access to its internal systems early Saturday morning.

It disconnected affected infrastructure right away to contain the damage. Days later, core services remain offline.

As a taxi operator, Nihon Kotsu runs on a scale that makes this cyberattack especially disruptive. The company employs more than 18,000 people. It operates a fleet of over 8,500 taxis, along with more than two thousand chauffeur vehicles.

Group revenue runs roughly $1 billion a year. An outage of this size does not just inconvenience a single office, it further reaches directly into daily transportation for thousands of riders across Japan.

How the Cyberattack on the Taxi Operator Unfolded

Nihon Kotsu said it confirmed unauthorized external access involving malware infection over the weekend. The company responded by disconnecting systems immediately after detection. That is a standard containment step for an incident of this kind.

It limits how far an intruder can move, but it also forces services offline while investigators work. That tradeoff shows in what customers can no longer do.

Car hire, web booking, reservation management, and the telephone dispatch service are all unavailable. Some internal systems are down too. Nihon Kotsu has told customers to use the competing 'GO' taxi app instead, or approach a nearby taxi stand.

One detail stands out beyond the usual business disruption caused by this cyberattack. The company's "labor taxi" service is suspended in Tokyo, Musashino, Mitaka, Tachikawa, Yokohama, and Saitama.

Pregnant women close to delivery use this service to reach a hospital quickly. For a taxi operator whose fleet supports this kind of urgent transport, the stakes here go beyond missed bookings. They touch a service some families depend on during an emergency.

Investigation Still Open on Data Exposure

Nihon Kotsu has engaged external cybersecurity experts. They nare supporting both the investigation and system recovery. The company says it is actively checking whether any data was exposed during the intrusion. So far, it has not confirmed a leak.

That uncertainty means customers should stay alert. They should not assume the worst, but they also should not dismiss the risk.

Nihon Kotsu has already warned people not to open attachments or click links in messages claiming to come from the company. Incidents like this often trigger a wave of phishing attempts, because attackers know public awareness of the breach is high.

If Nihon Kotsu confirms a data leak later, the company has promised to issue personalized notices to affected individuals. No ransomware group or extortion gang had claimed responsibility for the cyberattack on the taxi operator at the time of writing.

That silence does not rule out ransomware. Groups often stay quiet during negotiations. They tend to go public only after talks with a victim break down.

Why Transportation Networks Draw Attacker Interest

This cyberattack on a major taxi operator fits a pattern security researchers have tracked for years. Transportation and logistics firms run on interconnected dispatch, booking, and payment systems. These systems cannot tolerate long outages, so they make attractive targets for attackers looking for leverage.

When a dispatch platform goes dark, operational pressure builds fast. That pressure can push a victim toward paying a ransom faster than a company in a less time-sensitive industry might.

Japan has seen a string of high-profile cyberattacks against major operational businesses in recent years. The pattern spans manufacturing, logistics, and now transportation, with this taxi operator as the latest example.

Each incident points to the same weakness. Legacy dispatch and reservation infrastructure, often built up over decades, can carry security gaps that modern attackers know how to exploit.

What Happens Next

Nihon Kotsu has not published a timeline for restoring its dispatch and booking systems. The company says it will continue issuing updates through official channels as the investigation moves forward.

For now, riders in the affected regions face a mix of workarounds. Some are turning to third-party apps, and others are heading to physical taxi stands, while engineers work to bring core services back online safely.

The incident also serves as a reminder for other transportation and logistics operators. Rapid containment can prevent an intrusion from spreading further into a network.

Disconnecting systems as soon as unauthorized access was detected is exactly what Nihon Kotsu did here. But containment comes at a cost, because it cuts off the very services customers rely on. Every taxi operator facing a similar cyberattack has to weigh that tradeoff.

Nihon Kotsu's response so far follows a familiar playbook: contain first, investigate second, and communicate as facts get confirmed. The outcome for this taxi operator depends on what the ongoing forensic investigation into the cyberattack finds in the coming days.

Subscribe to newsletter

Subscribe to receive the latest blog posts to your inbox every week.

By subscribing you agree to with our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.