United Kingdom authorities have fined Sony $396K for a widespread 2011 PlayStation Network data breach, a breach that could have been prevented.
From Sony’s Kaz Hirai regarding the PSN hack:
Following a criminal cyberattack on the company’s data-center located in San Diego, California, U.S.A., Sony Network Entertainment International quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. The intrusion was discovered between April 17 and 19, and the PlayStation Network was taken down on April 20. On April 26, Sony notified the owners of 10 million accounts that their personal information, potentially including credit card information, had been compromised in the attack.