Hasaan Arshad, a 25-year-old computer science student from Manchester University and GCHQ intern, has been sentenced to seven and a half years in prison for a severe data breach that compromised national security. On August 24, 2022, Arshad flagrantly violated strict security protocols by using his mobile phone to extract classified information from a secure GCHQ system and transfer it to his private computer.
Despite being an academically gifted “perfectionist” with autism spectrum disorder, Arshad’s actions demonstrated what Mrs Justice McGowan described as “intellectual arrogance” and a belief that “the rules do not apply to him.” He pleaded guilty to offenses under the Computer Misuse Act—carrying a potential life sentence—including unauthorized removal of top-secret material. Additionally, he admitted to possession of indecent imagery relating to child exploitation, found on his personal phone after arrest.
Mrs Justice McGowan imposed a six-year sentence for the data breach and an additional 18 months for the sexual offenses. She emphasized the extreme risk posed by Arshad’s conduct, noting that although there was no evidence he intended to disclose, sell, or ransom the data, the potential damage was “incalculable.” Part of the case, including harm assessment, was conducted behind closed doors due to the sensitivity of the information.
READ MORE: Class A Drugs Seized in Gloucester Drug Bust; Two Men Charged
READ MORE: Royal Family’s Trooping the Colour move signals a “significant” moment for Harry and Meghan
The breach resulted in the loss of a critical tool under development at GCHQ, risked revealing the identities of 17 colleagues, and eroded trust with intelligence partners. Prosecutor Duncan Atkinson KC stated that Arshad’s actions created a significant threat to national security by potentially exposing British intelligence methods to hostile foreign states or terrorist groups. GCHQ, working alongside MI5 and MI6, relies on ultra-secure environments to monitor and thwart threats to the UK, and such breaches undermine these vital operations.
During his industry placement at a secure GCHQ site near Cheltenham, Gloucestershire, Arshad had access to classified systems and signed the Official Secrets Act. He was made explicitly aware that top-secret data had to remain within controlled, secure environments. Nevertheless, he used a work-provided mobile handset to remove sensitive material, transported it to his home, and stored it on a removable hard drive connected to his personal IT system.
Arshad admitted to acting out of curiosity and a desire to complete his placement project, hoping to impress for possible future employment, without any intention to share the information. Defense counsel Nina Grahame KC described him as reckless and naive, driven by ambition and perfectionism. She also noted the distress caused to his family, who are concerned about his wellbeing in prison.
Bethan David, head of the Crown Prosecution Service’s Counter Terrorism Division, underscored that Arshad knowingly breached GCHQ’s strict security protocols despite signing the Official Secrets Act. She affirmed that the CPS remains committed to prosecuting anyone jeopardizing the country’s safety.