KDDI said it has confirmed the?email addresses of about 12.23 million users and the passwords for some 7.61 million users were subject to unauthorized access in a breach of its email system for internet service providers.

According to a report on the cyberattack submitted to the communications ministry on Monday, the telecommunications operator said it has not confirmed any secondary damage stemming from the data breach. Affected users are expected to complete password changes and take other necessary measures within the next several days.

The company said last month that up to 14.22 million sets of email addresses and passwords may have been compromised.

KDDI confirmed the cyberattack on June 17. It said the cyberattack exploited vulnerabilities in third-party software used in the email system.

The company has implemented protective measures such as ramping up the detection of fraudulent access attempts to its servers. It plans to use artificial intelligence to analyze software design specifications and programs to comprehensively identify potential issues.

¡°It¡¯s extremely regrettable that the incident has had a major impact on users,¡°?internal affairs minister Yoshimasa Hayashi said at a news conference on Tuesday in response to the information leak.