Nihon Kotsu Co., Ltd. Listed by AiLock Ransomware Group
Nihon Kotsu Co., Ltd. is the largest taxi and limousine operator in Japan. For the fiscal year ending May 2025, the company reported an annual consolidated revenue of ¥103.445 billion, with group and partner company sales reaching ¥155.457 billion.
On July 15, 2026, Japanese taxi and limousine giant Nihon Kotsu Co., Ltd. appeared on the leak site of the ransomware group AiLock. The listing states that internal files were exfiltrated during a ransomware attack. The company, which reported ¥103.445 billion in consolidated revenue for the fiscal year ending May 2025, has not yet published a formal breach notification detailing the number of people affected or the precise data categories involved.
Confirmed Details from the Listing
The AiLock leak site entry confirms that internal files were exfiltrated from Nihon Kotsu Co., Ltd. It does not specify the volume of data taken, the exact systems compromised, or whether customer or employee personal information was included. The disclosure indicates the company was listed exactly on July 15, 2026, and the sample files shown appear to be genuine corporate documents. As is typical with ransomware leak sites, the group is using the publication to pressure the victim for payment. The primary source does not quantify affected records, so the full scale of exposure remains unknown.
Why This Matters for You and Your Family
If you have used Nihon Kotsu taxis, limousines, or related services in Japan, your personal details may now sit in an attacker-controlled archive. Even when exact record counts are not disclosed, taxi companies routinely collect names, phone numbers, email addresses, payment details, and trip locations. Any of these can be combined with other leaked information to build a profile of your movements and habits. For families, this risk extends to children whose names or school-related transport bookings might also appear. The uncertainty itself creates anxiety: you cannot easily check what was taken because the disclosure does not provide a clear list of exposed data types.
Doxxing and Identity-Chain Risks
Stolen internal files frequently contain spreadsheets that link customer identities to addresses, phone numbers, and sometimes passport or residency details. Attackers and subsequent buyers can use these to launch credential-stuffing attacks against your email, banking, or shopping accounts. Once one account falls, the attacker maps additional handles and relationships, creating an identity chain that leads to doxxing. Credential leaks like this one cascade into account takeovers and can expose children’s gaming accounts that share the same family email or phone number. The public nature of the leak site means anyone, including opportunistic criminals, can download the data and begin exploitation immediately.
AiLock’s Known Track Record
Public reporting attributes AiLock with emerging in late 2025 as a double-extortion operation that combines encryption with data theft and public shaming. The group has targeted organizations across Asia and Europe, typically gaining initial access through phishing or exploited remote desktop services before moving laterally to exfiltrate documents. Their playbook relies on publishing samples on a leak site and issuing payment deadlines, then gradually releasing more data if the victim does not pay. While exact prior victim counts are not always published, the group’s consistent use of leak-site pressure indicates they prioritize reputational damage over silent extortion. Readers can follow trackers for AiLock to monitor future activity by this specific actor.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can see exactly where Nihon Kotsu data may surface.
- Rotate any password you ever used on Nihon Kotsu-related services or apps and enable 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your information is caught within hours instead of months.
- Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same family address or email.
- Let remediation specialists handle data-broker takedown requests and follow-up monitoring for you while you focus on securing daily accounts.
The appearance of Nihon Kotsu on the AiLock leak site shows how even large, established companies can become vectors for your personal exposure. Acting quickly on the practical steps above limits what attackers can build from this incident. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to close the gaps this breach may have opened.
Related breaches
Solid Advance Inc. Listed by AiLock Ransomware Group
Solid Advance Inc. is a Japanese software company, founded in 2004, based in Tokyo and Aomori. It de…
Ferrovial Listed by AiLock Ransomware Group
Headquartered in Ferrovial operates as a global infrastructure and mobility operator. The company's …
WBF Construction Listed by AiLock Ransomware Group
WBF Construction LLC is a company that operates in the Commercial & Residential Construction industr…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →