Mounties arrest man who used Heartbleed bug to steal Canadians’ tax data

The Royal Canadian Mounted Police have arrested a 19-year-old man who allegedly used a notorious security flaw to attack the country’s tax agency and steal data from 900 Canadians, it announced Wednesday.
The RCMP said in a statement that they have arrested 19-year-old Stephen Arthuro Solis-Reyes and charged him with two hacking-related charges over an incident that led the Canadian Revenue Agency to shut its website for five days.
“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” said an official.
The incident was one of the most high-profile security breaches related to Heartbleed, a two-year old flaw related to the software that many companies and governments use to encrypt their website data. Security professionals reported the flaw two weeks and provided a patch, but it remains unclear how many people knew about or exploited the bug.
In the case of the Canadian tax agency, the man grabbed 900 Social Insurance Numbers, a form of tax ID that is akin to the Social Security Numbers used by Americans.
The RCMP statement says the investigation is still on-going and that Solis-Reyes is to appear in court in Ottawa in July.