Hacker group Lulz Security (LulzSec) claims it has accessed the servers hosting Sony Pictures Entertainment and obtained the e-mail addresses, birth dates and passwords of more than one million users.
Sony says it is aware of LulzSec's statement and is investigating, according to BBC reports.
The claims came as Sony said it had restored its PlayStation Network after nearly a month and assured customers that it had beefed up its network security.
Review of online security
Last month, Sony chief executive Howard Stringer said the company was conducting a major review of online vulnerabilities.
The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit, but pundits say the cost of reputational damage is likely to be much greater.
LulzSec claims to have hacked into an unencrypted database using the well-known SQL injection attack method.
"This is disgraceful and insecure: they were asking for it," the statement said.
Critical of Sony's security
Sony is yet to confirm the breach, but LulzSec posted samples of the stolen data on the LulzSec website, and security experts are taking the group's claims seriously, according to the Financial Times.
LulzSec has been identified by security researchers as a talented spin-off from Anonymous, the paper said.
The group has posted a series of critical comments about Sony through its @LulzSec Twitter account.
"I'm loving how people think they can take down lulzsecurity.com - cloudflare back-up pages storing 100% of our Sony releases. Nice try!" said one posting.
This story was first published by Computer Weekly