The RCMP have charged a 19-year-old London, Ont,. man following the theft of 900 social insurance numbers from Canada Revenue Agency (CRA).
Stephen Arthuro Solis-Reyes was arrested at his home "without incident" on Tuesday, the Mounties said in a press release. He faces one charge of unauthorized use of a computer and another charge of mischief in relation to data.
Canada Revenue shut down access to accounts on its website last week after the discovery of the Heartbleed bug, a flaw in OpenSSL software used to sign in to websites, which allows personal data to be stolen.
The CRA reopened access to its site earlier this week, delaying the filing deadline to May 5 to allow for lost time. But the agency announced that 900 social insurance numbers had been stolen after the bug was discovered.
The Canadian Press reports:
OTTAWA - Police have charged a 19-year-old man from London, Ont., in connection with the loss of taxpayer data from the Canada Revenue Agency website.
Stephen Arthuro Solis-Reyes was arrested at his residence Tuesday and is charged with unauthorized use of a computer and mischief in relation to data, the RCMP said Wednesday.
A search of the residence resulted in the seizure of computer equipment.
The agency was forced to shut down its publicly accessible website Friday as the world learned about the Heartbleed computer bug, a previously undiscovered global Internet security vulnerability.
Other government computer sites were also temporarily taken down over the weekend.
On Monday, the agency said 900 social insurance numbers had been compromised.
The loss was detected Friday, but the agency delayed telling Canadians about it at the request of the RCMP.
The police said the delay allowed them to pursue their investigation through the weekend and helped track down a suspect.
"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible," said Assistant Commissioner Gilles Michaud.
"Investigators from National Division, along with our counterparts in O Division, have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners."
The Heartbleed bug is caused by a flaw in OpenSSL software, commonly used on the Internet to provide security and privacy. The bug has affected many global IT systems in both private- and public-sector organizations and has the potential to expose private data.
The revenue agency has said it will notify everyone involved in the security breach by registered letter and will offer access to credit-protection services.
Because of the five-day shutdown of its E-file and Netfile services, the revenue agency has effectively extended the tax filing deadline for the same length of time. Returns filed by May 5 will not incur penalties or interest.