Two very different incidents
It seems to me that it may not be that big a deal that someone fluked a call through to the PM, as long as he's smart enough not to be social engineered (is he?). But the handing out of a mobile number, whether classified or not, for any employee, let alone a senior one, is a serious security breach. You try phoning my company (a bit of Googling will tell you who it is) and I will be absolutely gobsmacked if they give you my mobile number, job title or even confirm that I work there.
We expect GCHQ to be at least as resistant to social-engineering as major corporations, don't we? What really worries me is if the disclosed number was used to enable the second incident - did DC see a caller ID which initially led him to believe it was the director of GCHQ?