No kidding!
EFX should be paying through the nose with a bunch of folks in prison.
Don’t get me wrong, what Facebook did was awful and they deserve the fines but I still see the Equifax issues as a more egregious issue.
		
		
	 
Well yes, and particularly because corporations still largely pay lip service to data security, i.e. as a matter of fiduciary responsibility they must be able to say they've made an effort to secure their data if they're hacked, but meanwhile they don't want any security provisions to impede their at-will conduct of business. 
Think of their senior officials as extensions of employees who still write their passwords down and stick them on post-it notes under their keyboards or on the bezel of their monitors.  Because that's basically what they are and more importantly how they expect the whole company to be able to respond to special requests for data, application tweaks, network adjustments etc.,  24/7/366.
I don't hold out much hope for this situation to be fixed any time soon.  Even some bill that was introduced last year by Democrats would only have fined Equifax $1.5 billion or so had it been passed and had the Equifax breach occurred thereafter.    In reality the FB fine was stiffer than that on a simple per-capita basis, leaving aside the different nature of the respective losses of privacy and apparent impact to date. 
It's a bit like responses to any grave situation, say car crashes at some intersection that could use a traffic signal but just has stop signs. When something bad finally happens to someone "special" enough... something might get done about it.
The problem with that approach is that it's still closing a barn door after the horses are out.   We don't know who will get killed at an intersection that needs a traffic light (and that assumes people give a darn about them any more if they think they have the option to ignore it, or they're impaired).   And...  we don't know the potential impact of a security breach.   And... as general users we tend not to really care,  unless and until after we're on the receiving end of a hack. 
So we're part of the data security problem.   We're sort of like the person who complains about no traffic light at the intersection of Elm and Maple,  but when they finally put a stoplight up then we run it at 3am because it's a pain in the behind to sit there at a red light for "no reason".