A 25-year-old former GCHQ intern has been sentenced to seven-and-a-half years’ imprisonment for illegally transferring classified national security data to his personal devices and possessing indecent images of children.
Hasaan Arshad, a computer science student from Rochdale, pleaded guilty to violations of the Computer Misuse Act and the Protection of Children Act, marking a severe breach of trust in one of the UK’s most sensitive intelligence agencies.
During a 2021–2022 Industry Year placement at GCHQ, Arshad worked on a technical development team handling highly classified information stored on a top-secret network.
Despite prior training and signing the Official Secrets Act during his 2019 internship, Arshad deliberately connected his personal mobile phone to his workstation on 24 August 2022.
He copied sensitive files onto the device, removed it from the secure facility, and transferred the data to his home computer.
The breach was uncovered on 22 September 2022, when Metropolitan Police Counter-Terrorism Command officers executed a search warrant at his residence.
Investigators discovered the classified material on an external hard drive linked to his desktop PC.
Forensic analysis confirmed the files originated from GCHQ’s restricted systems, exposing them to unsecured environments and creating what prosecutors termed a “significant risk” of compromise to national security.
GCHQ Intern Sentenced
Unrelated to the security breach, officers also recovered 44 indecent images of children—40 categorized as Category A (the most severe) and four as Category B—on Arshad’s personal phone.
These images were created between 7 and 23 September 2022, shortly after his GCHQ placement ended.
Arshad admitted to two counts of making indecent images during a January 2023 hearing at Manchester City Magistrates’ Court.
The dual nature of the charges complicated proceedings, with prosecutors emphasizing the deliberate disregard for legal and ethical boundaries in both cases.
While the child abuse material did not directly relate to his role at GCHQ, it underscored a pattern of criminal conduct occurring concurrently with his unauthorized data transfers.
Condemnation of ‘Flagrant Breach’
At the Old Bailey on 13 June 2025, Arshad received a six-year sentence for the Computer Misuse Act violation, with an additional 18 months for the Category A images to be served consecutively.
According to Report, GCHQ has not publicly commented on the incident, but the sentencing reinforces the agency’s zero-tolerance approach to security violations.
A concurrent 18-month term was imposed for the Category B images, resulting in a total of seven-and-a-half years.
Bethan David, Head of the Crown Prosecution Service Counter Terrorism Division, condemned Arshad’s “deliberate and intentional” actions, noting his awareness of security protocols.
“By transferring top-secret material to unsecured systems, Arshad jeopardized the safety of the UK,” she stated. The case highlights vulnerabilities in insider threat mitigation, particularly among personnel with access to classified networks.
GCHQ has not publicly commented on the incident, but the sentencing reinforces the agency’s zero-tolerance approach to security violations.
The Metropolitan Police emphasized the importance of interagency collaboration in tackling crimes that intersect national security and cyber-enabled offenses.
Arshad’s case serves as a stark reminder of the legal and operational consequences of breaching trust in critical government roles, while underscoring the evolving challenges in safeguarding sensitive data against insider threats.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
