The attack in April 2011 targeted credit card information through Sony's PlayStation Network and put millions of users' personal information -- including names, addresses, birth dates and account passwords -- at risk.
Britain's Information Commissioner's Office said Thursday that security measures in place at the time "were simply not good enough." It said the attack could have been prevented if software had been up to date, while passwords were also not secure.
The office acknowledged the "substantial" size of the fine, calling the case "one of the most serious ever reported" to the data regulator.
Take ABC13 with you!
Download our free apps for iPhone, iPad, Android and Blackberry devices