Well, try these two on for size...
health.net - 1.9 million customer details including names, addresses, **social security numbers**, and **credit/debit card details** (not disclosed for months after the attack)
Heartland Payments - 130 million Credit/Debit card records (not disclosed for months after the attack)
TJX - 45 million cardholder details including card numbers (was not disclosed for *years*)
The attackers here got names, email/postal address information, dates of birth and password hashes. They did not get the primary card databases, which were encrypted in any case, and in fact the only confirmed information theft of CC data was 900 active card numbers in a 4-year-old backup/development database at SOE.

Sony came forward within 2 days of the outage, and 4 days later, with only the preliminary analysis complete, they warned customers. In a very real sense Sony nearly jumped the gun by informing people so quickly. Typically such attacks and data breaches are not reported publicly for months afterwards because of the time taken to analyze the attack and restore/strengthen systems. Yet despite that, Sony got castigated for being *slow* to respond, when they were in fact abnormally *fast* to respond and advise customers.

As much as non-technical gamers wish to decry their response, or people predisposed to hate on Sony wish to use this as a stick to beat Sony, the reality is that hacks happen and Sony has responded extremely quickly and strongly to the attack, and they have in reality done far more than any organization I can remember to compensate their customers.

Attacks happen, and a determined attacker may be able to break into any network - given time. So, it's not just about the precautions you take, it's about how you respond. Were there flaws in Sony's security? Sure, of course there were. That said, you could challenge any network of similar size and scope to prove itself free from security flaws. So, blame where blame is due, but let's keep this in perspective.

If you accept that attacks are going to happen and no security is perfect, then what matters as much or more is how the victim of the hack responds to protect their customers. If you compare Sony's reaction to those of others, there is a contrast, and Sony doesn't look bad at all.
There's a story at Computerworld that talks more about this if you want further reference.
You almost have to ask why the tech media jumped on Sony so strongly, when they soft-pedal the coverage of other breaches - LastPass anyone?
Try this article for some perspective...
http://www.computerworld.com/s/article/9216724/Is_Sony_getting_a_bad_rap_on_its_data_breach_