A 19 year-old man from Ontario, Canada, has been arrested and charged by the Royal Canadian Mounted Police (RCMP) for a breach of taxpayer data from the Canada Revenue Agency (CRA) website.
According to the RCMP, Stephen Arthuro Solis-Reyes extracted private data from the CRA site by exploiting the Heartbleed Bug vulnerability.
Reyes was investigated by the RCMP's National Division Integrated Technological Crime Unit (ITCU), as part of the department's role in tackling computer crimes against the the Canadian Government and the country's critical IT infrastructure. He was arrested at his home on on April 15.
The hack was brought to the attention of the CRA after the Heartbleed Bug came to light when Canadian security agencies informed the CRA that around 900 Social Insurance Numbers had been exposed. It is also thought that some business-related data may have been exposed. It is believed that no other attacks on the CRA have taken place.
High priority case
"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible," said RCMP Assistant Commissioner Gilles Michaud. "Investigators from National Division, along with our counterparts in "O" Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners."
Solis-Reyes is scheduled to appear in court in Ottawa on July 17. He is charged with one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data.