The proposal is not that if a person commits a crime and pays X amount for it then if a company commits the same crime they should pay X multiplied by the difference in their income, which is what you're arguing against in your example of speeding tickets.
This is in relation to the kinds of crimes that (generally) companies commit, and is arguing that if a large company commits that crime then it should pay a larger fine than if a smaller company commits the same crime.
It is possible that the scale of the crime has been included in the size of the fee, but if so it's a pretty ridiculous standard to begin with. "Hundreds of thousands of customer records" is pretty vague, but let's assume records for 250,000 people. That means a fine of $100 a person. That's not nothing, but it doesn't really cover the potential damage they may have caused. And furthermore in this case, although we are presuming the employees did not sell the data as part of a corporate directive, the fact that they were able to do so indicates some pretty serious lack of oversight and security, and some portion of the fee ought to be related to that. And _that_ part of the fee ought to reflect the size of the company involved.
$25 million could easily bankrupt a small company, but AT&T will hardly notice it amidst the yearly revenue of $132 billion and net income of over $6 billion. So the fine works out to about 0.4% of their yearly profit. In 2011 the average American household had $12,800 of discretionary income available, about the best equivalent to corporate profit i can think of. In which case if an average American committed the same crime the "expected" fee would be $51.20. That's not even a speeding ticket, that's about a parking ticket level of fine.