You're right, $17B (or more, or dissolving the company) would start to actually spark off some real change in attitudes towards infosec among executives, instead of just continuing the status quo with this non-enforcement action.
The strangest part of this ordeal was when that guy from the FTC was encouraging consumers to take the monitoring on Equifax's request.
They're not even pretending to be regulated anymore, they just come out and tell the government what to say.
The senate report on this hack goes into lots of technical detail, savaging Equifax for their gross incompetence and negligence beat by beat: https://www.hsgac.senate.gov/imo/media/doc/FINAL%20Equifax%2...
Despite all this provable negligence and incompetence all laid out in writing for everyone to see they still suffered zero real consequences. This is going to keep happening over and over and over again until we decide it's unacceptable.