Since 2024 you can disable the root credentials on all accounts except the Organization management account: https://aws.amazon.com/blogs/aws/centrally-managing-root-acc...

I don't think the post mortem details whether the root access was on the org management account or an org member account.