Do you have the ability to browse the mail log from your mail server? You can validate exactly how many emails left your system to this user if so. If someone other than him requested a new password it was likely either a bot or another malicious user trying to get access to his account (though I'm not sure what they thought requesting a new password would accomplish).