The worst case of this I heard was a crypto developer that lost 300k$ of clients money when he accidentally pushed some crypto keys to GitHub public repository. Last I heard he was getting sued.
Reminds me of the time I forgot to lock the Ansible vault before pushing my new playbook to production. Thankfully my boss caught it and was able to scrub the commit, but I still got a very, very stern talking-to.