But with the current administration as well as Congress (we're likely to see a Federal gov't shutdown over the budget even though the Republicans control the legislature and White House), I wouldn't anticipate seeing any regulation down the pike because of this.
They mention the Struts vuln, but not which one... did an attacker access the info directly via a naive attack, or was this a campaign? Having worked on Enterprise-Ready(tm) systems I wouldn't be surprised if Equifax had an unsegmented network...
Not yet. People might be annoyed but not many of them have been harmed yet. They're harmed when their identity is actually stolen (i.e. used by someone else), not merely when someone gets access to their data.
(Not saying I like this system. Just saying this it how the system works.)