To me it seems that there are 2 likely scenarios:

1) Your mobile is compromised. This is quite unlikely because you said you have 2 wallet files stored there but only 1 got compromised.
Further your wallet was password protected and since you didn't open it for 5 months it is quite odd that it got emptied 1 month ago.

2) Your mnemonic code somehow got exposed. That's what i would guess. You stored your mnemonic on a file server. Is there a (any) route from your file server to the internet? If yes, then most likely your file server somehow got compromised.

Number 2) would be my guess. What kind of software is running on your file server, which version? How is it running inside of your network (old PC, etc..)? Do you have a firewall set up?