IANAL: No, there is a process of stuff before you will get fined. A human error does not suddenly lead to heavy fines, if you can prove that you did everything you can to prevent this from happening, i.e. follow all the processes GDPR defines like data processing agreements with third-party processors, technical and organizational measures to protect against privacy violations, documentation of personal data stored with type of processing, type of consent, and such. What example would a data privacy agency set to fine a company that is fully compliant? I imagine you could even get a court to side with you on not having to pay a fine.
Data leaks of course are always a breach and must be reported. That doesn't mean you get a fine though.
Specifically, you'd look to Article 83[1]. It being an unintentional act (83(2)(b)), otherwise following best practices (83(2)(d)), taking steps to mitigate the damage (83(2)(c)), and that Twitter announced the breach (83(2)(h)) weigh heavily in favour of the fine being minimal, or there being no fine at all. Article 83(1) also notes that fines must be "proportionate and dissuasive" -- there is nothing proportionate about imposing the maximum fine for a simple error, nor dissuasive about fining a company that is otherwise compliant and following best practices.