Isn't it possible a hacker just spent his other money along with OP's in one transaction?
Maybe. But that wouldn't make sense, it's bad for the bad guy's privacy and more work.
Or that their office had malware all across the computers and there were more than 1 employee who used bitaddress?
Maybe. And because that's too much of a coincidence, unless someone convinced several people to do that.
Yes, but doesn't the administrator announce compromisation afterwards?
Maybe. But not if the site owner is behind the theft.
Isn't that what had happened with BitcoinPaperWallet?
No, it got sold, and the new owner scammed people. As far as I know, that's still ongoing.