Blog Post

Mounties arrest man who used Heartbleed bug to steal Canadians’ tax data

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

The Royal Canadian Mounted Police have arrested a 19-year-old man who allegedly used a notorious security flaw to attack the country’s tax agency and steal data from 900 Canadians, it announced Wednesday.

The RCMP said in a statement that they have arrested 19-year-old Stephen Arthuro Solis-Reyes and charged him with two hacking-related charges over an incident that led the Canadian Revenue Agency to shut its website for five days.

“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” said an official.

The incident was one of the most high-profile security breaches related to Heartbleed, a two-year old flaw related to the software that many companies and governments use to encrypt their website data. Security professionals reported the flaw two weeks and provided a patch, but it remains unclear how many people knew about or exploited the bug.

In the case of the Canadian tax agency, the man grabbed 900 Social Insurance Numbers, a form of tax ID that is akin to the Social Security Numbers used by Americans.

The RCMP statement says the investigation is still on-going and that Solis-Reyes is to appear in court in Ottawa in July.

One Response to “Mounties arrest man who used Heartbleed bug to steal Canadians’ tax data”