A statutory fine of $50k per compromised account would get the attention of the credit bureaus. (It might drive them out of business, but it sure would get their attention.)
For reference, Equifax leaked the personal information of 147 million people (myself included). Multiplying that by $50k is over 7 trillion dollars. In actuality, they were ordered to pay up to $700 million in total which works out to about $4-5 per person. I agree with you, but the gap between what you propose and the status quo is staggering.
So yeah, in this case Equifax would go bankrupt and other companies would get very valuable lesson to spend more money at security side of things. I see no issue here.