AC as I was dumb.
I did this on my personal AWS account a few weeks ago.
Earlier in the year I'd been learning Terraform and, as a quick hack, had put my AWS credentials into the throwaway code. Months later I'd been doing Terraform properly, with the credentials held in ~/.aws
As it was crash-and-burn code, I'd been checking it into a public github account. Last thing before leaving I checked in the earlier code as well, feeling pleased with how I'd progressed in that day.
The problem with AWS is that the billing is very far from real time - this is why they can't offer monthly price caps, the information is not available to do that. I had a Cloudwatch alarm set up to email me when I spent over $10 in a month - it went off the following morning at 10am, by which time the miscreants had racked up $6,000 with xlarge instances in each location. AWS issued a credit for the amount - yes I'd been dumb, but the exact alerting mechanism to protect and alert you if you've been dumb takes many hours to function. This is OK if you've left a tap running in the bathroom, but no help if someone turns a firehose down your chimney.
So clearly in this case the developer did A Very Bad Thing, putting corporate code into a public github account. Reprehensible. Other developers had already done A Very Bad Thing hard coding credentials into code - not least, this prevents you from rotating your keys.
Nobody comes out well, and a wild guess says that AWS offered to refund the $64,000 if DXC went public as a cautionary tale.