Skeptical here, ... because the guy should be in custody.
Wait and see, I guess.
It's not mutually exclusive.
The guy could have written this hack years ago, in case he ever did get fired.
I would guess that he had a "deadman timer" on this little bomb that was reset every time he logged in. If he didn't log in for (say) two months, then it would expire and the data would be lost.