LONDON, Ontario — Canadian mounties have arrested a teenager who, they say, used the Heartbleed Internet bug to hack into the country’s tax agency.
Shortly after the Internet bug was revealed to the world last week, the Canada Revenue Agency suffered a data breach that leaked the Social Insurance Numbers of about 900 taxpayers. The agency was forced to shut down its website temporarily to prevent further theft of sensitive personal information.
On Wednesday, the Royal Canadian Mounted Police said it arrested 19-year-old Stephen Arthuro Solis-Reyes at his London, Ontario home a day earlier. During the police raid, agents seized computer equipment as evidence.
Solis-Reyes now faces two counts of computer-related crimes. He is scheduled to appear in an Ottawa courtroom on Thursday.
The arrest appears to be the first related to the Heartbleed bug since it was discovered last week.
Assuming Canadian mounties arrested the right person, Solis-Reyes could go down in hacking history. Whoever committed the breach single-handedly delayed the country’s tax-return deadline by nearly a week. The country’s taxing authority pushed back its tax-filing deadline from April 30 to May 5, a potentially costly wait.
The mounties, who function as federal law enforcement officers, were “working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations,” Assistant Commissioner Gilles Michaud said in a statement.
In the meantime, the tax agency is carefully combing through its computer systems to determine the extent of the damage.
“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” the Canada Revenue Agency said in a statement.
To address similar concerns in the United States, the IRS assured taxpayers its systems were secure. The IRS last week told taxpayers to ignore Heartbleed and file their returns anyway.