Unfortunately these types of breaches don't net the culprits nearly as expeditiously as we'd all like. Given that they're likely based in a country that could care less or may be adversarial to the US this may even be lauded.
In the grand scheme of things it's very low likelihood we'll see any level of prosecution for this incident in the next year or two, if ever. And even then it will likely only result in attribution in a random report a year from now with no actual consequences for the attackers.
The final thing is the amount of money isn't extraordinary. As others have said it's mostly a rounding error in annual revenue that passes books of a company like this.
