corporations are not people. They don't "learn lessons". They respond to incentives. If this breach didn't cost them dearly, but they still reaped any reward from having had the breach (e.g., saved money on security, and opt to pay the fine instead when they are breached), they will do it again in the future.
A fine is meant to deter as well as punish. If the fine is too small, it won't deter. And certainly if less than the profits earned, it can't punish, nor deter.
Corporations don't learn lessons, but people do. You want managers arguing for budget to prioritize security, or lawyers arguing for legal stuff, to be able to use this as a compelling example.
Losing $650 million is perhaps not quite as compelling a story as losing billions, or a smoking hole where a company used to be (as in Enron and Arthur Andersen). But it's a pretty big chunk of change. I have no experience making such arguments, but it seems plausible that it will be remembered for a while at Equifax and their competitors, at least?
I'm doubtful that people respond to such incentives rationally. It probably has more to do with how well the storyteller tells the story. And whether the thing they're selling actually works well for improving security seems pretty hit-and-miss, too.
A fine is meant to deter as well as punish. If the fine is too small, it won't deter. And certainly if less than the profits earned, it can't punish, nor deter.