A very expensive reminder that the "bus factor" is a real threat. Most startups I've worked at had (at least at one point) only a single person with passwords to things like the AWS root account, and other similarly important things. What happens if that person disappears? Scary stuff for anybody on the hook for business continuity.
But it does raise questions about whether the company was civilly negligent in safeguarding company assets. Board members and/or high ranking company officers may have legal exposure.
