If you make a mistake and you do so honestly, not out of malice, and fix it, you are very unlikely to get a fine - you will get guidance and a warning. Unless you are being egregiously slipshod.
Storing user names and passwords in plain text when you have several hundred thousand users is not an "honest mistake" in 2019. In other fields a commercial entity failing basic security practices can be considered criminally negligent.