The Mounties said in a statement Tuesday that they asked the CRA not to tell the public Friday about the Heartbleed breach so they could investigate a "viable" path. The CRA spent days patching a hole in its security that allowed hackers to steal information without leaving a trace. The Heartbleed bug affected servers around the world.
"This deferral permitted us to advance our investigation over the weekend, identify possible offender(s) and has helped mitigate further risk" the RCMP said.
"The RCMP appreciates the co-operation of CRA, and appreciates the understanding of Canadians in this matter."
The RCMP would not provide further details about the suspect.
The CRA temporarily shut down some access to its website late Tuesday last week after warnings that a security flaw in website encryption software – the Heartbleed bug – could leave websites vulnerable to hackers.
The shutdown was extended to other government websites later in the week.
Bug hit two-thirds of servers in world
The CRA said Monday that it realized on Friday that 900 social insurance numbers had been stolen during a six-hour attack that exploited the Heartbleed vulnerability. It did not indicate when the hour attack had occurred.
The agency notified the privacy commissioner's office Friday and referred the matter to the RCMP.
Fears of a bug in the OpenSSL software used for encryption on two-thirds of the world's internet servers surfaced more than a week ago. The U.S. Department of Homeland Security issued a public warning on April 7. Public Safety Canada issued a notice about the vulnerability the next day, and by the end of the day, CRA had closed parts of its website.
The CRA restored public access to its site over the weekend and extended the tax filing deadline for Canadians to May 5.