Ransomware victim disclosure
← All victimsNihon Kotsu Co., Ltd.
Claimed by AiLock · listed 2 hours ago
Status timeline
- ListedJul 15, 2026
- Data leakeddate unknown
At a glance
- Group
- AiLock
- Status
- Data leaked
- Country
- Japan
- Sector
- Transportation/Logistics
- Listed on leak site
- Jul 15, 2026
About the victim
AI dossier — public-source company profileNihon Kotsu Co., Ltd. is Japan's largest taxi and limousine operator by group sales, founded in 1928. The company operates approximately 10,000 taxis and hire vehicles across Tokyo, the greater Kanto region, and Kansai, providing passenger transportation and driver dispatch services.
- Industry
- Taxi & Limousine Services
- Address
- Tokyo, Japan (headquarters); operations across Tokyo, Kanto, and Kansai regions
- Founded
- 1928
Attack summary
Severity: high — Confirmed operational disruption to critical infrastructure (transportation operator with 10,000+ vehicles); company's own website notes 'system outage due to unauthorized access'. Large-scale operational impact on national transportation network justifies high severity despite lack of confirmed data exfiltration details.AiLock claims to have conducted an attack on Nihon Kotsu's systems resulting in operational disruption. No specific details of data exfiltration, encryption scope, or data categories are disclosed in the leak post.
What the group claims
Nihon Kotsu Co., Ltd. is the largest taxi and limousine operator in Japan. For the fiscal year ending May 2025, the company reported an annual consolidated revenue of ¥103.445 billion, with group and partner company sales reaching ¥155.457 billion.
Sources
- Victim sitenihon-kotsu.co.jp
Source
Indexed 2 hours agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

