I warned the local lottery about the security issues they had with their website (I was doing them some side work) but they didn't listen until someone defaced their website and the first thing they did was ask me if I did it.
Yes that usually is the case. You warn the administrators and managers about security issues and then when some script-kiddie runs a script and cracks the security and downloads the database, they blame you for it.
Sort of like this:
Programmer "Uh you really should use a numerical keypad to the server room, it is more secure than the doorknob lock which is so common anyone can find a key that fits it and rob the server room."
Management "Feh! Forget it, we don't have the budget for it. Besides that doorknob lock was on sale at Lowe's and fit out budget. The clerk there said it was lockpick proof, and that's good enough for us."
Later on someone picks the lock and then steals all the server hardware.
Manager "Someone broke into the server room. Hey programmer was it you, you seem to know a lot about locks and stuff?"
Programmer "No it wasn't me, if you followed my advice with the numerical key pad you wouldn't have had this problem. The lock you used made the server room insecure and allowed a robber to easily pick the lock and rob us all."
Manager "Yeah whatever, I'm pressing charges against you anyway."
I've worked for an asshole company that did that. We reached a stalemate after I managed to use my code ownership clause against them - basically "fuck off or I'll open source all your code".
I'll have to remember that should I find myself in another position to be hired or contracted by another asshole company to include a 'code ownership' clause and a 'right to open source the code" clause in case of any problems or difficulties.
I warned the local lottery about the security issues they had with their website (I was doing them some side work) but they didn't listen until someone defaced their website and the first thing they did was ask me if I did it.