Basically he did something he shouldn't have/ He Scanned them again after reporting the bug to "see if they had fixed it" (per his claims).

It seems like he had no malicious intent (At least I believe him) but his school and the vendor basically went nuclear on him.