Sony is facing a £250,000 penalty for what is deemed a security failure during the PlayStation Network hack that affected some 77 million accounts in April 2011.
The Information Commissioner's Office (ICO) said the attack was preventable, and that there was "no disguising that Sony is a business that should have known better".
Sony has the right to appeal the decision, and the corporation told the BBC that it intends to reverse the ruling.
In statement sent to CVG, Sony said it "strongly disagrees" with the decision.
The company added: "PlayStation Europe notes that the ICO recognises Sony was the victim of 'a focused and determined criminal attack' and that 'there is no evidence that encrypted payment card details were accessed', and that 'personal data is unlikely to have been used for fraudulent purposes'."
The corporation's chief executive, Kaz Hirai apologised for the breach one month after the attack brought the whole network down.