Japan’s largest taxi and chauffeur operator by group revenue, Nihon Kotsu, has shut down several customer-facing and internal systems after detecting unauthorized access and a malware infection during the early hours of July 11, 2026.
TL;DR
- Nihon Kotsu isolated parts of its network after detecting malware.
- Phone dispatch, chauffeur booking and some internal systems remain unavailable.
- Customers can still request vehicles through the GO taxi app.
- No data leak or ransomware group has been confirmed, while external cybersecurity specialists investigate.
Nihon Kotsu disclosed the cyberattack on July 13, two days after the company detected the intrusion. It said the affected services included its chauffeur web ordering and reservation-management platform, telephone-based taxi dispatch and some systems used internally by employees.
“We confirmed that our internal systems had been subjected to unauthorized external access, resulting in a malware infection,” Nihon Kotsu said in its official notice. The company added that it immediately disconnected systems and isolated its internal network to prevent the attack from spreading further.
The operator is working with an external cybersecurity organization to determine the affected systems, identify the cause and analyze system logs. Nihon Kotsu said the isolation measures had contained further expansion of the incident, but it had not announced a timetable for safely restoring the unavailable platforms as of July 14.
What Services Are Still Available?
Nihon Kotsu’s vehicles remain available through the GO taxi-hailing app. Customers can select Nihon Kotsu as their preferred taxi company when making a dispatch request, or use nearby taxi ranks and hail available vehicles on the street.
The separate GO app infrastructure was not reported as affected by the intrusion. However, customers who normally rely on telephone booking cannot currently use that channel, while chauffeur customers are unable to access the affected web ordering and reservation-management services.
The incident has also suspended online registration forms for Nihon Kotsu’s labor taxi service, which assists pregnant passengers preparing to travel to hospital. The disruption affects forms serving Tokyo’s 23 wards, Musashino, Mitaka, Tachikawa, Yokohama and Saitama.
Topics For More Insights
Has Customer Data Been Stolen?
Nihon Kotsu said it had not confirmed any information leak at the time of its disclosure. Investigators are still examining whether data was removed and, if so, what information and individuals may have been affected.
The company said it would issue an official announcement and contact affected people individually if an exposure of personal information, or a credible possibility of one, is established. It also warned customers and partners to avoid opening attachments or clicking links in suspicious messages that appear to come from Nihon Kotsu.
No ransomware or extortion group had publicly claimed responsibility when independent cybersecurity reports were published. The malware family, initial entry point and identity of the attacker also remain undisclosed, so describing the incident as ransomware would currently go beyond the verified evidence.
The operational impact is significant because of Nihon Kotsu’s scale. Company figures for May 2025 list 18,228 workers including affiliated companies, 8,558 taxis, 2,016 chauffeur vehicles and group-related annual revenue of ¥155.46 billion.
Nihon Kotsu said restoration work is prioritizing system safety and a secure recovery environment. Further findings on the attack, potential data exposure and service restoration are expected through the company’s official website.

