Hackers don't submit change requests
IT environment lead by a very bossy head of department. DNS servers got hacked as they were at least a year behind the recommended patch level and some hackers had successfully used some relatively new exploit against them.
Boss: Who made a change that allowed this to happen?
Me: Nobody here made any change. Some hackers used a new exploit, to which our DNS servers (at their patch level) are vulnerable.
Boss: But if someone made a change, why did they not submit a change request?
Me: Hackers don't submit change requests.
I am unsure if my voice betrayed the sarcasm that I was feeling.
Anyway, the systems guys were ordered to update their DNS servers (following an approved change request).