Police have charged a 19-year-old man from London, Ont., in connection with the loss of taxpayer data from the Canada Revenue Agency website.
Stephen Arthuro Solis-Reyes was arrested at his residence Tuesday and is charged with unauthorized use of a computer and mischief in relation to data, the RCMP said Wednesday.
A search of the residence resulted in the seizure of computer equipment.
The agency was forced to shut down its publicly accessible website Friday as the world learned about the Heartbleed computer bug, a previously undiscovered global Internet security vulnerability.
Other government computer sites were also temporarily taken down over the weekend.
On Monday, the agency said 900 social insurance numbers had been compromised.
The loss was detected Friday, but the agency delayed telling Canadians about it at the request of the RCMP.
The police said the delay allowed them to pursue their investigation through the weekend and helped track down a suspect.
"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible," said Assistant Commissioner Gilles Michaud.
"Investigators from National Division, along with our counterparts in O Division, have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners."
The Heartbleed bug is caused by a flaw in OpenSSL software, commonly used on the Internet to provide security and privacy. The bug has affected many global IT systems in both private- and public-sector organizations and has the potential to expose private data.
The revenue agency has said it will notify everyone involved in the security breach by registered letter and will offer access to credit-protection services.