At one of my customers, one of the admins (a member of both the in-hours and out-of-hours teams) was let go at 5pm on a Friday. It wasn't done horribly. They were allowed to clear their desk, say goodbye to everyone they wished to and were then escorted from the building, which was company policy.

The duty sysadmin then set about changing the credentials on all the systems and cloud instances they had access to. This took about two and a half hours. He then emailed the revised credentials spreadsheet to the sysadmin mailing list so the out-of-hours team all had it and weren't locked out.

About 15 minutes later, the password change guy had a thought: "Did I check the sysadmin mailing list?" He did, and found that a personal email account belonging to the person who had just been let go was on it, so he'd just emailed all the new credentials to them. It wasn't unusual for members of the out-of-hours team to have personal email addresses on the list to ensure they had updated passwords in case there was an enterprise email outage when they were changed. After a brief facepalm, he set about changing all the credentials again. I found him still in the office at 10pm muttering what a **** he was.

Fortunately, the exposure was mitigated by the fact that the person had been let go for being useless rather than for any form of misconduct, so they probably lacked the wherewithal to carry out any nuclear-level revenge, but the situation was still far from ideal.

The moral of the story: Check your mailing lists to see who is on them before sending out password change notifications if you've let somebody go.

