Former GCHQ intern risked national security after taking home top secret data
Hassaan Arshad was arrested in 2022 and charged under Section 3ZA of the Computer Misuse Act 1990


A former GCHQ intern has pleaded guilty to transferring data from a top-secret computer onto his work phone.
Hassaan Arshad, who was arrested in 2022, is alleged to have downloaded the stolen data onto a hard drive connected to a personal computer. He pleaded guilty to a charge under Section 3ZA of the Computer Misuse Act 1990, which relates to "unauthorised acts causing, or creating risk of, serious damage".
Areas and equipment labeled "top secret" within GCHQ house the government's most sensitive data. Information compromised here might cause a threat to life and/or the economic security of allied countries.
The case raises many questions about the highest level of the UK's national security and is a stark reminder of the vulnerability that mobile phones can create.
As Jake Moore, global cybersecurity advisor at ESET, puts it, the most serious data breaches often don't come from outsiders; they can simply stem from internal errors, poor controls, or invisible insider threats.
Moore previously worked for the Digital Forensics Unit and Cyber Crime Teams in the Dorset Police force, and spent 14 years investigating computer crime. He said the GCHQ case is another reminder of how easily sensitive data can fall into the wrong hands without robust preventative measures.
"Organizations need to remember to implement strict access controls such as locking down removable media and ensuring that only those with direct operational needs have access to sensitive areas," Moore said.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"Businesses also need to think about reducing the risk of mobile devices being used to capture sensitive data. It is worrying that personal devices were not banned from certain areas, but when phones are required, it can be effective to deploy Mobile Device Management (MDM) tools to limit device capabilities in high-risk zones, such as removing the use of the cameras."
When and where we use our phones has always been a big concern for security teams. Devices with electronic signals are often completely barred from high-level institutions, such as the CIA.
In the fallout of the Signal leak, where a journalist was inadvertently added to a classified conversation about an impending air attack in Yemen, the focus has mainly been on the use of the chat app.
However, as former CIA official William D. Murray pointed out, why was the director of the CIA using a mobile phone in the headquarters of the CIA?
MORE FROM ITPRO
- Nearly half of security practitioners told to ‘keep data breaches under wraps’
- Businesses must get better at sharing cyber information, urges former GCHQ chief
- Nearly half of EMEA data breaches were due to internal blunders
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.
-
Why are many men in tech blind to the gender divide?
In-depth From bias to better recognition, male allies in tech must challenge the status quo to advance gender equality
By Keri Allan
-
BenQ PD3226G monitor review
Reviews This 32-inch monitor aims to provide the best of all possible worlds – 4K resolution, 144Hz refresh rate and pro-class color accuracy – and it mostly succeeds
By Sasha Muller
-
Businesses must get better at sharing cyber information, urges former GCHQ chief
Jeremy Fleming, the former head of GCHQ, has warned businesses face increasingly sophisticated cyber attacks on critical national infrastructure (CNI).
By Rory Bathgate
-
UK and US pledge to punish cyber criminals at annual meeting
News Intelligence and defence officials met at the annual forum to discuss approaches to cyber security for the years ahead
By Connor Jones
-
GCHQ opens up about concealing cyber threats from global community
News In a series of publications from GCHQ and the NCSC, security directors explain why and how it keeps security threats a secret
By Connor Jones
-
GCHQ has "over-achieved" at developing state hacking tools
News The organisation has developed double the offensive cyber attacks than that of criminals
By Clare Hopping
-
Canada's spy agency releases its own anti-malware tool to the public
News The CSE says its scalability makes it an ideal fit for enterprise applications
By Dale Walker
-
The Queen formally opens National Cyber Security Centre
News UK cyber chief talks tough in the face of hacker threats
By Adam Shepherd
-
UK hit 'by almost 200 Russian cyber attacks' in three months
News Cybersecurity chief: Britain could soon be hit by a "category one" attack
By Adam Shepherd
-
Top GCHQ director calls security industry "witchcraft"
News Dr Ian Levy accuses the industry of creating a climate of fear
By Adam Shepherd