Story challenge: What’s your funniest or most relatable security moment? Without breaking NDA, of course!

#AppSecThursday #talkAppSectome

@SheHacksPurple I’ll bite. Engineer working on a CRUD interface for customer details didn’t check login against session variables. Anyone with login from lowest security level to admin could see all customer details. DBA wasn’t fussed with encrypting credit and contact details.
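An added illustration of the bug in that reply, not code from the thread: a customer-details lookup that never compares the requested record with the logged-in session user, beside one that checks ownership or the admin role on every read (user names, roles and the in-memory table are constructed).

```python
# Added example, not from the thread. Constructed in-memory stand-in for the
# customer table; "owner" is the login that the record belongs to.
CUSTOMERS = {
    101: {"owner": "alice", "name": "Alice Smith", "card_last4": "4242"},
    102: {"owner": "bob", "name": "Bob Jones", "card_last4": "1111"},
}

# Constructed audit trail: denied reads are recorded so repeated probing of
# other customers' ids shows up in monitoring.
DENIED_READS = []


class Forbidden(Exception):
    """Raised when the session user may not read the requested record."""


def get_customer_vulnerable(session, customer_id):
    """The bug described above: being logged in is the only check, so any
    user at any level can fetch any customer's details by id."""
    if not session.get("user"):
        raise Forbidden("not logged in")
    return CUSTOMERS[customer_id]


def get_customer_checked(session, customer_id):
    """Same lookup with object-level authorization: the record is returned
    only if the session user owns it or the session carries the admin role."""
    user = session.get("user")
    if not user:
        raise Forbidden("not logged in")
    record = CUSTOMERS.get(customer_id)
    # Missing and forbidden records are reported identically so a caller
    # cannot tell which ids exist.
    if record is None or (record["owner"] != user and session.get("role") != "admin"):
        DENIED_READS.append({"user": user, "customer_id": customer_id})
        raise Forbidden(f"{user} may not read customer {customer_id}")
    return record


def read_allowed(session, customer_id):
    """Convenience wrapper: True if the checked lookup succeeds."""
    try:
        get_customer_checked(session, customer_id)
        return True
    except Forbidden:
        return False
```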
@peterrenshaw omg!!!! Wowza