An investigation into the compromising of Japan's national pension system found that 99 percent of the accessed files were without any sort of password protection.
The Japan News wrote that if proven true, it would contradict previous official statements that passwords were used to protect all data. Passwords are required to protect any internet-connected files, the news site stated.
The agency is also supposed to have dedicated information security officers report on compliance twice a year, and in the four reports dating from August 2013 to November 2014, all the offices stated they were complying with regulations.
The attack compromised the personal information, including names, pension identification numbers, addresses and dates of birth, of more than 1.25 million people.
The breach stemmed from a malicious email attachment opened on May 27 by unsuspecting employees.