BBC reported that a 19 year-old Canadian has been arrested for hacking into the website of the Canadian Revenue Agency (CRA) last Friday. The Royal Canadian Mounted Police said that Stephen Arthuro Solis-Reyes from London, Ontario had stolen 900 social insurance numbers using the "Heartbleed bug." The security bug, as discovered separately by both Google Inc and small Finnish security firm Codenomicon last week, allows hackers to exploit a flaw in OpenSSL, which is described as a cryptographic software library for services to keep data transmissions private. As a result of the security breach, BBC said that Canada's tax agency was forced to cut its services, albeit the fact that it was too late then.

The RMCP said in a statement, "It is believed that [Mr] Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug."

Assistant RMCP Commissioner Gilles Michaud said in a statement, "The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible. Investigators from National Division, along with our counterparts in "O" Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners."

Solis-Reyes was reportedly arrested at his home on April 15 without incident. The RMCP has formally charged Solis-Reyes with one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data. BBC said that the perpetrator is expected to appear in court for his case on July 17 this year.

According to security experts, breaches like the one with the CRA could be revealed soon as governments and firms around the world scramble to determine whether their systems are vulnerable due to the security bug.