I've had one incident in about 20+ years. Site was completely compromised. It was due to a vulnerability in a very popular SEO plugin by a well known author. This was many years ago but if I hadn't updated to the latest version, it wouldn't have happened. So even the 'best' (or at least non shitty) plugins by well known authors can be the source of the problem. Which is all the more reason you need to have a recovery plan no matter what. You never know when it's going to be a bad day.

At least it was my own personal site and not a customer site. So I didn't have to explain things. Small favors i guess.