Arrest made in CRA 'Heartbleed' case: Police

Arrest made in CRA 'Heartbleed' case: Police

Arrest made in CRA A 19-year-old man has been charged in connection with the loss of taxpayer data - including 900 social insurance numbers - from the Canada Revenue Agency website, the RCMP reported Wednesday.

Stephen Arthuro Solis-Reyes was arrested at his London, Ont. residence Tuesday and charged with unauthorized use of a computer and mischief in relation to data, the RCMP said. Police seized computer equipment from his home.

The CRA reported on Monday that 900 SINs had been stolen just before it shut down its website last Wednesday. The loss was detected last Friday, but the agency held off releasing the information to Canadians at the request of the RCMP, while it conducted an investigation.

The CRA, and several other government websites, shutdown online services - including the popular tax-filing systems EFILE and NETFILE - due to the threat posed by the Internet encryption bug, Heartbleed,  which affects OpenSSL used software used by two-thirds of website providers to provide security and privacy to users.

The agency said it will notify those affected by the security breach by registered letter and offer free additional protection services. It has also extended tax filing deadlines to May 5 due to the five-day service disruption.
  • JoAnn 2014-04-16 4:04:53 PM
    Seems to me he's a very smart young man who would be better off utlizing his obvious intelligence for the good rather that the bad. He's only 19, so there is lots of time to lead him in the right direction once he's been punished for the mess he created...
    Post a reply
  • Manuel 2014-04-16 4:35:53 PM
    CS techies pride themselves on hacking into systems and accessing protected information. Businesses and the public are extremely vulnerable to this. A strong deterent is required to discourage this behaviour. Ironically, being young and bright, this hacker will probably be hired to replace the person who designed the software that he penetrated.
    Post a reply
  • Steve 2014-04-16 5:08:00 PM
    He will serve no jail time and make more money than all of us working on protecting the public from other hackers.
    Post a reply