Bingo. He also most likely exposed additional valuable and proprietary IP to a third party that a) has no formal business relationship with the company and b) operates in a country notorious for IP theft.
Firing him is a no-brainer here, if this story is even true.
EDIT: he also opened a large portion of the company's codebase to potential sabotage. If I was in Company X's shoes right now I'd be doing a full audit of everything this joker has touched since he started, in addition to a full internal security audit of everything this mystery third party had access to. This kind of security breach is a Big Deal.
Firing him is a no-brainer here, if this story is even true.
EDIT: he also opened a large portion of the company's codebase to potential sabotage. If I was in Company X's shoes right now I'd be doing a full audit of everything this joker has touched since he started, in addition to a full internal security audit of everything this mystery third party had access to. This kind of security breach is a Big Deal.