The Royal Canadian Mounted Police have announced that they have arrested 19 year old Stephen Arthuro Solis-Reyes in Ontario for connections with the Heartbleed bug. Solis-Reyes is being arrested specifically for having taken place in leaking around 900 social security numbers from the Canada Revenue Agency. The CRA released a statement earlier this week:
After learning that the Canada Revenue Agency (CRA) systems were vulnerable to the Heartbleed bug, the CRA acted quickly to protect taxpayer information by removing public access to its online services on April 8, 2014.
Since then, the CRA worked around the clock to implement a “patch” for the bug, vigorously test all systems to ensure they were safe and secure, and re-launch our online services late yesterday.
Regrettably, the CRA has been notified by the Government of Canada’s lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period. Based on our analysis to date, Social Insurance Numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability. We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed.
If Solis-Reyes is the first person to be arrested in connection with the Heartbleed bug. He is due for trial tomorrow in Ottawa.