by jiggawatts 1107 days ago
HOW!?

You've provided virtually zero information other than one-line comments that illuminate nothing.

Stop playing 20 questions. If you want to publicly complain about what would normally be considered a catastrophic lapse of public cloud security, provide more than zero details of how your system is architected and what you've done to investigate the issue yourself!

Do you use Storage Account keys? How confident are you that some developer hasn't pasted it into your codebase and maybe leaked it?

Are your keys stored (only) in a Key Vault? How secure is that vault? Have you checked its audit logs?

Have you rotated your keys?

Have you looked at the Storage Account diagnostic logs to see what's going on?

Have you even turned the logs on!? You mention legal compliance issues. Do you have your resource auditing configured to match your legal requirements?

Etc...

You come across as someone who has screwed up and is accusing the vendor.

"We've tried nothing and we're all out of ideas".

I don't think they owe us an in-depth analysis. If it were me, I would be careful to keep any identifying details away from this conversation.

I agree with the parent commenter. You simply cannot make a claim that one of the largest cloud vendors is leaking customer data and refuse any meaningful clarification. And posting under a dummy account "AzureQueueMixup"? Why?

My sense is that OP is outright lying, probably works for a competitor, and is just trying to stir the pot.

Nothing stops the OP from answering basic questions. A throwaway account not mentioning any specific organisation name won't breach confidentiality in any meaningful way.