A man accused of exploiting the Heartbleed bug to steal information on hundreds of people will appear in court later.
Stephen Arthuro Solis-Reyes, 19, is the first person to be charged in connection with the major internet security flaw.
Federal police in Canada say they arrested Solis-Reyes at his home in London, Ontario.
He has been charged with mischief and the unauthorised use of a computer to steal data from the Canada Revenue Agency’s (CRA) website.
Police said Solis-Reyes “extracted private information held by the CRA” by exploiting the security vulnerability.
The CRA said 900 social insurance numbers – similar to National Insurance numbers – were stolen last week.
Its website was closed for several days as a result.
Police said it took four days to track down the alleged culprit, adding that his computer equipment has been seized and the investigation is ongoing.
The so-called Heartbleed flaw in online encryption software OpenSSL allows hackers to eavesdrop on online communications, steal data, impersonate websites and unlock encrypted data.
OpenSSL is commonly used to protect passwords, credit card numbers and other data sent via the internet.