In a company of 10,000, stuff like that happens with clockwork regularity; your security team is pitted against the sum of human ingenuity. You work to lower the base rate of security lapses, but even with the best tooling and education efforts, there’s that 1% or 5% you’re bound to miss. A breach is only a matter of time; your average CISO is losing sleep over this, not over buffer overflows.