The fine was levied due to Sony’s inability to keep said user info safe. When the fine was announced, ICO’s David Smith criticized, ”If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen. When the database was targeted, albeit in a determined criminal attack, the security measures in place were simply not good enough.”
Sony immediately appealed the decision, but have now withdrew it. Accord to the company in a press statement, ”After careful consideration we are withdrawing our appeal. This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding. We continue to disagree with the decision on the merits.”
Odd the “careful consideration” comes 18 months after the fine was first levied.