An intern who was blamed for one of the data security breaches at Ohio University has released a statement in which he says he's been scapegoated, and was merely following directions.
I'd be less sympathetic, but I've twice been told (ordered, directly) to say nothing in two similar situations, one a potential breach of confidential data, and the other definite data vandalism. The former was from an external intrusion, the latter from a (formerly) valued staff member.
It's not an easy situation in which to be; I resolved last time to ask for those directions on letterhead with a date and a single signature. Thankfully it hasn't happened again to me, although I know other breaches on campus here have been covered up.
Our industry is shameful, there's no other word for it, and we're all complicit: IT folks and management both.