Story challenge: What’s your funniest or most relatable security moment? Without breaking NDA, of course!

#AppSecThursday #talkAppSectome

@SheHacksPurple I’ll bite. Engineer working on a CRUD interface for customer details didn’t check login against session variables. Anyone with login from lowest security level to admin could see all customer details. DBA wasn’t fussed with encrypting credit and contact details.
@SheHacksPurple Not really a security incident, but I did a re-design of an MDM in production, and accidentally re-assigned Outlook, which caused the whole building to have Outlook deleted and reinstalled. That was a fun day.
@jtig oh my gosh. I hope you can laugh now?