Luckily, it all worked out in the end. With the help of very smart people, he managed to retrieve the password.
So we know the encrypted disk image was very secure since even he could not access it.
But was it secure?Let's start with two definitions from ISO 27000:2012
property of being accessible and usable upon demand by an authorized entity.
preservation of confidentiality (2.13), integrity (2.36) and availability (2.10) of information
The definitions show us that "availability" is an important aspect of information security. The data must be "available on demand". In this case, the data was clearly not available on demand. Therefore the preservation of availability was not achieved. This means that an information security "event" occurred.
The encrypted disk image was so secure that it was insecure. The ultimate insider attack.
Agreed, the logic outlined above is a bit contorted, but you get the idea.
Most people think about security in terms of confidentiality - the system was "hacked". However, don't forget that availability is the third leg of the information security triad: