The RCMP’s National Division Integrated Technological Crime Unit (ITCU) has charged Stephen Arthuro Solis-Reyes, a 19-year-old resident of London, Ontario, in relation to the malicious breach of taxpayer data from the website.
Solis-Reyes was arrested at his residence on April 15 without incident after a search was conducted and computer equipment seized. He faces two charges: one count of unauthorized use of a computer and one count of mischief in relation to data.
The Heartbleed OpenSSL vulnerability, which may affect nearly two-thirds of websites, threatens to expose masses of usernames and passwords and other sensitive information worldwide. In Canada, the tax agency took the website down as soon as it became aware that it was vulnerable to Heartbleed, but not before hackers were able to lift information during a six-hour window. In all, about 900 social insurance numbers have been stolen.
“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” said Assistant Commissioner Gilles Michaud, in a statement. “Investigators from National Division, along with our counterparts in ‘O’ Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners.”
Solis-Reyes is scheduled to appear in an Ottawa court on July 17, 2014.