Heartbleed: RCMP charge London man in privacy breach at CRA
Published Wednesday, April 16, 2014 2:25PM EDT
Last Updated Wednesday, April 16, 2014 4:48PM EDT
A 19-year-old London man has been charged by the RCMP in connection with the breach of taxpayer data from the Canada Revenue Agency website.
The RCMP say Stephen Arthuro Solis-Reyes was arrested on Tuesday without incident. His lawyer, Faisal Joseph, says he voluntarily attended the London police station and has since been released.
"My client purports that he was told that if he did not come down 'voluntarily,' because they did not have a warrant for his arrest, that the RCMP would arrest him in the middle of his exams," Joseph says.
Solis-Reyes has been charged with one count of unauthorized use of computer and one count of mischief in relation to data. If convicted he could face a maximum of 10 years in prison.
Before the arrest, all the computer equipment at the Solis-Reyes' north London home was seized in an RCMP search.
Investigators say they believe Solis-Reyes was able to extract private information from the CRA by exploiting the Heartbleed Bug security vulnerability.
In a statement, RCMP Assistant Commissioner Gilles Michaud said "The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible."
Solis-Reyes is a second-year student at Western University majoring in computer science and a former Mother Teresa Catholic Secondary School student.
CTV News has also confirmed Solis-Reyes is the son of Roberto Solis-Oba, an associate professor in the Department of Computer Science at Western University.
Joseph believes his client's rights were violated in the arrest "You don't threaten him, you don't coerce him, you don't threaten to humiliate and embarass him in front of the entire country. You don't tell him to come down voluntarily or he's going to be arrested in public display in a way to humiliate him."
The RCMP say the investigation into the data breach at the Canada Revenue Agency continues.
The agency was forced to shut down its website on Friday after the Heartbleed Bug, a previously unknown vulnerability in global Internet security, came to light.
Then this week, it was disclosed that 900 social insurance numbers had been compromised.
Solis-Reyes is sheduled to appear in court in Ottawa on July 17.
With files from The Canadian Press