I believe this is illegal in many U.S. states, and completely illegal in all countries in the European Economic Area (EEA) under the General Data Protection Regulation (GDPR). If you were to have handed over the password, then your company would have the right to dismiss you, and perhaps take legal action regarding handling of their data. They would also have to contact their partners, and perhaps even their customers, if your employer was to even look at unrelated projects.