Actually, I didn't see the aggregation function in the query that you sent over. At first glance it would appear that the alert shouldn't have fired. One potential cause (and the most common cause we typically see) is that your data was delayed more than the 15 min alert threshold. Looking at the underlying data points, however, I can't find any gaps of more than a few minutes. The fact that someone changed the alerting threshold from 10 min to 15 min, however, is interesting. It's possible that the data is delayed sometimes and every once in a while it's delayed more than 10 minutes. After the points come in, you can't tell it was delayed. I've sent this over to engineering to have a look.
In 3.0 we'll have a feature we can activate which will record the points at the time of alert firing. As soon as we upgrade you, we can activate that feature and will have a better idea if it's caused by a delay in your data or some other issue.