OTTAWA, Canada–Federal police said Wednesday they have arrested and charged a 19-year-old man in the theft of 900 Canadian taxpayers’ data, which was made vulnerable by the “Heartbleed” bug. The Royal Canadian Mounted Police (RCMP) said Stephen Arthuro Solis-Reyes was arrested at his London, Ontario home on Tuesday without incident. He is scheduled to appear in court on Thursday to face charges of unauthorized use of a computer to steal data from the Canada Revenue Agency (CRA)’s website. “It is believed that Solis-Reyes was able to extract private information held by the CRA by exploiting the security vulnerability known as the Heartbleed Bug,” the RCMP said in a statement. The suspect was tracked down within four days after what CRA Assistant Commissioner Gilles Michaud had described as a serious security breach. Police said computer equipment was seized at the suspect’s home, and that the investigation is still ongoing.
The Canada Revenue Agency said 900 social insurance numbers — personal nine-digit codes required for working or accessing government benefits in Canada — had been stolen last week by “someone exploiting the Heartbleed vulnerability.”