COTA, a Tokyo Stock Exchange Prime-listed company (code 4923), told investors on July 16 that its first-quarter earnings report for the fiscal year running to March 2027 will miss the standard 45-day disclosure deadline that follows quarter-end. The company gave a single reason: a ransomware infection that hit its systems on March 27, 2026, which management says is still consuming time in both its own accounting close and the audit procedures carried out by its outside auditor. COTA has not set a new disclosure date, saying only that it will announce one "as soon as it is decided".
The delay is not COTA's first brush with this deadline. A companion notice filed the same day disclosed that the company's full results for the year ended March 2026, first flagged as running late back on April 23, 2026, and already past the standard 50-day window, will now be released on July 30, 2026. That is roughly four months after the fiscal year closed, which means the March ransomware attack has now pushed back two separate reporting cycles rather than one.
COTA apologized to shareholders and investors in both notices for the inconvenience. Neither filing puts a figure on the earnings or balance-sheet effect of the attack, and neither says what data, if any, was exposed. What the two notices do establish is a timeline: an incident from four months ago is still working its way through a listed company's books and its auditor's sign-off, long past the point most Japanese issuers have already reported a full quarter's results.
