The computer student who unveiled the extent of the Canada Revenue Agency’s cyber vulnerability – and thrust the issue of online security for businesses into the spotlight – has dodged prison time. Stephen Solis-Reyes of London, Ontario, pleaded guilty on Friday to two counts of mischief, one Canada Revenue breach, among other charges. The Crown has dropped 19 in total, which, if convicted, could have put him behind bars for at least a decade.
In April 2014, Solis-Reyes utilized the Heartbleed Bug, which de-encrypts personal information such as passwords and transactional information transmitted on websites, to hack into the Canada Revenue Agency’s system. The hack resulted in the Crown Corporation’s site going down for four days, and the national tax deadline delayed by a full week. His lawyer estimated it took only six seconds to compromise the CRA’s site.
While Solis-Reyes maintains his intentions were only to test the software vulnerability of national security systems rather than maliciously obtain and sell personal information, he has been given an 18-month conditional sentence, followed by two years’ probation and 200 hours of community service.
The onslaught of the Heartbleed Bug led to a flurry of panic for businesses, which scrambled to ensure their Open Secure Socket Layer technology practices were not among those affected.
Among the most vulnerable to cyber attacks are small businesses, which account for 31% of all cases. The insurance sector is among the most targeted due to the large amounts of confidential personal information they keep on file, Financial institutions such as brokers, banks and credit unions are also at high risk, according to Verizon’s 2015 Data Breach Investigations Report.
Cyber breaches cause an average loss of $250 per capita for affected businesses, for an average organizational total of $5.32 million per incident.
