[pedrocr]

Given that this was a spreadsheet it's more likely that someone hired the contractor directly without going through IT. When things were burning and IT was begrudgingly brought in to fix things they weren't predisposed to be kind. No rookies involved. Just the normal corporate IT dynamic where things move too slow so get hacked around with Excel and other kludges and everything works until it doesn't.

[lolc]

The article says that the spreadsheets were protected by a password that the contractor did not initially hand over. So yes, that was a oversight of Siemens.

[AnIdiotOnTheNet]

"Protected" office documents are the rough equivalent of putting up a 'Do Not Enter' sign and are just as trivial to bypass. If anyone had really cared enough to want to see the code, they could have.