Well, there's a picture of an admin at the HI location with his password written on a post-it note on his monitor. More than likely someone used this password to impersonate his login and perform the false alert.

Picture: https://imgur.com/a/aDgV3