Careful using only Current User's X in privacy rules

The other scenario where this happens is when deleting data. If, for example, you delete an Organisation, and forget to delete some data related to that Organisation (let’s say, it’s Invoices), then the Organisation field on the Invoice would become empty.

This is probably the most common scenario that could make a breach like this occur.