According to security firm Sophos, someone used an automated SQL injection tool to find the flaw in the site to get access to the data. Hacker News posted a sample of the data to PasteBin, with important data redacted.
Hacker News reported that b4d_vipera was the hacker involved in the dump of the data. The original hack apparently took place on May 5.
There's no way to make anything completely unhackable. Thus, since hackers seem to want to make an example out of Sony, we're going to see more of these hacks. The good thing is if they keep examining Sony assets, the company's sites and properties might eventually be the most secure in the world.