"They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private emails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google."
This is not supported by any of the leaked documents. GCHQ certainly had full access to Gemalto's email servers, and several documents refer to information retrieved from there. There is nothing to show that data was ingested into XKEYSCORE and absolutely nothing to show that the employees' personal emails were in XKEYSCORE.
XKEYSCORE holds metadata, it seems. One document that explicitly stated they knew the Thailand employee was emailing PGP encrypted files because of data they retrieved from XKEYSCORE. He then became a target as a result.
This is not supported by any of the leaked documents. GCHQ certainly had full access to Gemalto's email servers, and several documents refer to information retrieved from there. There is nothing to show that data was ingested into XKEYSCORE and absolutely nothing to show that the employees' personal emails were in XKEYSCORE.