Nihon Kotsu says malware forced emergency disconnection of systems
Nihon Kotsu, Japan’s largest taxi and chauffeur operator by group revenue, announced that its internal systems suffered unauthorized external access described as a “malware infection.” The company said the incident was detected early Saturday morning over the weekend and that, “Immediately after detecting the unauthorized access, we implemented emergency measures, including disconnecting systems to prevent further damage.”
The firm reported that parts of its infrastructure were shut down as a deliberate containment step; the taxi dispatch system remains offline as of today. Nihon Kotsu said it implemented the disconnections to prevent further damage while it investigates and works to restore services.
Scale of the operator and services affected
Nihon Kotsu reported annual revenue of roughly $1 billion (¥155 billion), employs 18,228 people, and operates a fleet of 8,558 taxis plus more than two thousand chauffeur vehicles. The company said multiple customer-facing and internal services are unavailable as a result of the incident.
- Impacted customer services include car hire, web booking, reservation management, and the telephone dispatch service.
- Some internal systems are also offline while containment and recovery continue.
- The company advised customers to use the ‘GO’ taxi app or visit nearby taxi stands to book vehicles in place of the affected systems.
Targeted suspension of the “labor taxi” service and geographic effects
Nihon Kotsu specifically notified that its “labor taxi” service — a car service booked by pregnant women close to giving birth — is suspended in the areas of Tokyo, Musashino City, Mitaka City, Tachikawa, Yokohama, and Saitama. The company’s announcement limited the suspension to those named areas; it has not reported additional geographic expansions of the service interruption.
Investigation, data-leak concerns, and customer guidance
The company said it has engaged external cybersecurity experts to assist with the investigation and system recovery and is “currently looking into the possibility of data having been leaked.” At this point in the investigation, the firm noted, no data leak has been confirmed, though it is considering the possibility and has promised to provide updates through official announcements and personalized notices if new information emerges.
Nihon Kotsu also advised customers not to open attachments received via suspicious communications claiming to originate from the company and to avoid clicking any links in those messages. The company warned that suspicious messages purporting to be from Nihon Kotsu could appear while the incident response is ongoing.
No external group has claimed responsibility; recovery and communication remain focal points
As of the company’s statements, no ransomware groups or extortion gangs have assumed responsibility for the attack. Nihon Kotsu’s public updates emphasize containment (system disconnection), investigation aided by outside cybersecurity experts, and a communications plan that includes official announcements and personalized notices should new information — such as evidence of a data leak — emerge.
What this means for technologists, policymakers, and customers
- Technologists and security teams: will be watching the company’s recovery steps — particularly how systems that support dispatch and reservations are validated and restored — and will take note of the use of external cybersecurity experts during the ongoing investigation.
- Policymakers and local service coordinators: will be attentive to the suspension of the labor taxi service in Tokyo, Musashino City, Mitaka City, Tachikawa, Yokohama, and Saitama, and to any official notices that may affect vulnerable users who rely on prearranged transport.
- Customers and pregnant service users: should follow the company’s guidance to use the ‘GO’ app or visit taxi stands for immediate transport needs and avoid opening attachments or links in suspicious messages claiming to be from Nihon Kotsu.
For now, the concrete items to watch are the company’s technical recovery — restoring the dispatch system and reservation functions — and the outcome of the ongoing investigation into whether any data left the network. Nihon Kotsu has pledged to provide further information via official channels and personalized notices if it confirms a leak; until then, the shutdown and targeted service suspensions are the immediate operational realities for the operator’s customers and staff.
Original reporting: https://www.bleepingcomputer.com/news/security/japans-largest-taxi-operator-shuts-systems-after-cyberattack/




