Sony has been fined £250,000 ($A377,000) for a breach of its Playstation Network last year that exposed private user data.
The British Information Commissioner's Office (ICO) said the exposure of users' names, addresses, email addresses and passwords could have been prevented if software was patched.
It said technical developments meant passwords were not secure.
Director of data protection David Smith said protecting payment card and log-in details must be a priority.
"In this case that just didn't happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough," Smith said.
"There's no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.
“The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft.”
ViaSat UK cheif executive Chris McIntosh said the fine was "wholly positive", but said that this also demonstrates the worrying lack of regard for data protection that exists from a large organisation that should really know better.
“Any organisation trusted with safeguarding the personal details of millions of customers, including payment card details, should ensure it has the most rigorous data security policies in place possible to protect against threats like these,” he said.
“The fact that the data breach could have been avoided by something as simple as a software update shows a worrying lack of regard and a poor perception of the existing threats.”
Check Point UK managing director Terry Greer-King said: “It underlines the fact that companies have to take the protection of customer data seriously, and take steps to prevent that data being accessed.”
