To me, your argument sounds like the same argument that's been discussed here before - the user / company is dumb and should know better / protect themselves better.
That's not my argument at all, well, kind of. My first argument would be that it's the responsibility of organizations to do their best to secure their products (looking at you Equifax) and that they should be held to high standards of accountability as well as transparency.
What I'm trying to say is that
A) I don't think organizations are trying hard enough to be proactive, accountable, and transparent and I think that we're reaching a point where the public, and hopefully lawmakers, will really start to demand that.
B) Every time this kind of thing happens, there's someone new that reads these articles, and hopefully they discover how vulnerable they can be and start adjusting their behavior to protect themselves. I know I learn something new almost every time something like this comes up and I keep security an active part of my conversations when talking to other people, people who are savy so I can learn more and people who aren't savy so I can give them tips to protect themselves. For example, whenever banking comes up I always tell people to get mobile alerts and two factor authentication activated whenever possible.
C) We're on the tech frontier here. We have to understand that, know that we're at risk, and realize we're really just starting out in finding ways to protect ourselves. We need back up plans, just in case the metaphorical bear spray we're given to protect ourselves turns out to be nothing more than compressed water in a can.
I mean, hardships in this area are all around right now, but literally every time something like this happens, it's in the news (even on local television news) and it gets people talking and aware and awareness is the first step in addressing a problem.