We are not Equifaxes customers. We are Panera Bread's customers. There is some risk if you directly expose the customers. There is less risk if you lose a third parties data.
Just from speaking to my friends who are not tech people and regular Panera Bread customers. They don't care. Sorry for using this language but as a direct quote one of them said "dude who gives a shit, everyone is leaking shit these days."
There are no fines. People don't stop purchasing stuff from them.
The risks of not following security practices are so low that it makes logical business sense to not care much about them.
Now, say if we add fines on these security breaches. Proper fines, say % of global revenue type fines. Then yeah, they'll start caring.
Until then, wait for more of these security breaches.