The Tokyo Electric Power Company (TEPCO) has been under intense scrutiny ever since the 2011 meltdown at the Fukushima Daiichi nuclear energy complex. Following an investigation by Japan’s Board of Audit, TEPCO has been told to upgrade its computer systems. That doesn’t sound particularly unusual, except that TEPCO operates more than 48,000 PCs all running Windows XP. Oh, and they’re connected to the Internet.

The Board of Audit is digging into TEPCO’s finances largely because the Japanese government wants the company to pay for ongoing cleanup efforts around Fukushima. It’s no surprise either. The 2011 meltdown was the largest nuclear disaster since Chernobyl in 1986. Decommissioning the plant is expected to cost tens of billions of dollars and take 30-40 years.

No one is alleging that Windows XP was the cause of the disaster, of course. Power plant infrastructure runs on more robust embedded platforms, though TEPCO didn’t plan ahead very well in the case of Fukushima. The chain of events that led to the runaway fission reaction have been thoroughly investigated, from the tsunami to the system failures that prevented reactor shutdown. The heavy reliance on Windows XP could, however, be seen as more evidence of complacency within TEPCO.

Windows XP was released in 2001, and enjoyed update support from Microsoft for more than a decade until it was finally cut off in 2014. That was after several extensions due to the poor performance of subsequent versions of Windows. A lack of security patches means XP systems will be vulnerable to any and all security flaws that are discovered going forward. This might not be a huge deal if the TEPCO computers weren’t connected to the Internet.

TEPCO was reportedly aware of how dated its systems were (it would be hard not to), but had actively chosen to keep using XP until at least 2019 as a cost-saving measure. That means TEPCO workers would be using 18-year-old software by the time it was upgraded. It is possible for businesses to pay Microsoft large sums of money for custom XP support, but obviously TEPCO was not doing that.

The Board of Audit calls this out as not only catastrophically unsafe, but not even likely to result in cost savings. Supporting ancient operating systems like this only gets harder as hardware and software moves on to support more modern platforms. TEPCO has reportedly agreed to make the upgrades. But really, it shouldn’t have taken a government audit to convince an operator of nuclear power plants that using outdated, insecure computers is a bad idea.