19-year-old Canadian was arrested on Tuesday for his alleged role in the breach of the Canada Revenue Agency (CRA) website, the first known arrest for exploiting the Heartbleed bug.
Stephen Arthuro Solis-Reyes (pictured) of London, Ontario faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data.
On Monday, CRA Commissioner Andrew Treusch announced that over the course of six hours, the Social Insurance Numbers of about 900 taxpayers were removed from CRA systems. The hack occurred only a day after CRA services were fully restored, following last week’s temporary shutdown due to the Heartbleed bug.
“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” Assistant Commissioner Gilles Michaud said in a statement.
A search of the suspect’s home led to the seizure of computer equipment. Police provided no further details about the ongoing investigation.
Solis-Reyes is scheduled to appear in court in Ottawa on July 17.
Uncovered early last week by a team of researchers from Google Security and Codenomicon, the Heartbleed weakness has been roaming the Internet for two years, leaving the door to encrypted data and personal information wide open to scammers.
Now, Web-based organizations are scrambling to patch their systems before they become the next Canada Revenue Agency.
Those 900 residents whose data was compromised can expect a registered letter informing them that they’ve been impacted; for added security, the agency will not be making phone calls or sending emails.
It will, however, provide the affected users with free access to credit protection services and will apply additional protections to their CRA accounts to prevent future unauthorized activity.
For more, see PCMag’s Heartbleed: The Complete Rundown. Also check out Heartbleed: How It Works and Heartbleed Bug: Should You Panic?
Also watch PCMag Live in the video below, which discusses the arrest of the 19-year-old hacker.