There needs to be jail time for this sort of thing. Especially a company that has such valuable info, they should be obligated to have the most serious security. Whoever is responsible for allowing this hack to happen should be held fully liable for all damages done to all affected. This needs to be the case for all instances where user's info is compromised. This stuff happens way too much now, and the biggest issue is that companies don't care, and there is no incentive for them to care because there are no penalties when it happens.
I'm not even mad at the hackers, but at the companies for allowing the vulnerabilities to exist in first place. These are billion dollar operations, they have zero excuse, they should have top notch security experts working on the systems and continuously monitoring and checking for any vulnerabilities. A company as big as Equifax should have an entire IT department dedicated strictly at systems security. But instead they probably outsource IT to the lowest bidder.