On 13 June 2025, the UK Crown Prosecution Service (CPS) announced that a former Government Communications Headquarters (GCHQ) intern was jailed for copying top-secret files onto his personal mobile phone and taking them home.
25‑year‑old Hasaan Arshad was sentenced at London's Old Bailey to a cumulative seven and a half years in prison.
Unlike many high-profile intelligence breaches, this case does not involve whistleblowing but was rather a more straightforward act of data theft. Arshad illicitly transferred 61.8 GB of top‑secret GCHQ materials, including the identities of fellow agents and active personnel onto a personal internet‑connected device, citing "curiosity" and a desire to finish a project he was assigned at home.
Arshad does not appear to have been driven by ideological motives. Instead, he was a low-level employee, an intern, who knowingly breached protocol and mishandled sensitive data. On 22 September 2022, police executed a search warrant at his home in Rochdale and discovered top-secret files stored on an external hard drive. During the same search, investigators also found a number of indecent images of children on his personal mobile phone, 40 of which were classified as Category A, and four as Category B, though these were unrelated to his work at GCHQ.
Leaks in the broader geopolitical landscape
This incident is not an isolated event. It comes amid a surge in high‑impact intelligence leaks. For instance, US intelligence recently had its share of internal breaches, with former CIA analyst William Rahman being sentenced to 37 months in jail for leaking highly sensitive documents regarding Israel's plans to strike Iran.
In another recent case, dubbed "Signalgate", a leak of Signal app communications among top US and White House officials, featuring conversations about imminent military operations exposed serious lapses in communications security.
Meanwhile, Iranian and Israeli agencies have accused one another of espionage: Iran claims it has seized Israeli nuclear documents, while dissidents continue leaking sensitive Iranian nuclear‑programme information.
These incidents highlight a trend: intelligence agencies, renowned for their secure environments and data management protocols, are repeatedly experiencing breaches that threaten both national security and international cooperation.
In the context of these intelligence failures and data management issues, the Arshad case emphasises the fact that espionage threats don't only come from rival states or sophisticated hacking groups. Sometimes, they come from within, via under-trained, or under-monitored employees.
To maintain operational integrity, intelligence agencies must go beyond merely reacting to individual breaches. They need to continuously test and monitor their internal ecosystems, and those who have access to them. Every person with access, be they seasoned analysts or temporary interns, must be rigorously vetted, monitored, and educated on the real-world consequences of information mishandling without over-relying on traditional clearance processes.
Technological barriers also need to evolve. It's not enough to have password-protected terminals or to ban USB ports, agencies must adopt adaptive monitoring systems capable of detecting unusual data access patterns or off-network transfers in real time. This means investing in behavioural analytics and intelligent alerting systems that don't wait for breaches to occur before springing into action.
The safeguarding of national intelligence is not just about encryption, firewalls, or physical access cards. It's about designing a resilient system where the human element is also the most alert, accountable, and secure. The lesson from the Arshad case is not just that interns can leak, it's that if the system lets them - the fault lies not just with the individual, but with the institution itself.