A 19-year-old student has been arrested for allegedly exploiting the Heartbleed vulnerability to steal taxpayer data from as many as 900 Canadians, authorities said Wednesday.

The arrest of Stephen Arthuro Solis-Reyes by the Royal Canadian Mounted Police marks the first time authorities anywhere have publicly levied charges in connection to the malicious exploitation of a defect in the widely used OpenSSL cryptography library.

Canada Revenue Agency officials said they had removed public access to online tax services a day after the defect was discovered earlier this month.

But it was too late, and the Heartbleed flaw made it possible to pluck private encryption keys, passwords, and other sensitive data out of the private computer memory of the revenue agency's servers running vulnerable versions of the open source library.

"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible," Assistant Commissioner Gilles Michaud said in a statement.

Solis-Reyes is a computer science student, according to the London Free Press.

The Heartbleed vulnerability is the result of a failure to carry out a routine bounds check in OpenSSL code that handles the Transport Layer (TLS) heartbeat extension. Heartbeat allows a connected Web client or application that sends messages to keep a connection active during a transfer of data. According to Netcraft, two-thirds of websites rely on OpenSSL to implement HTTPS encryption, although not all of them have Heartbeat enabled.

The Canadian Revenue Agency said it's putting in place measures to protect the people affected by the Heartbleed-enabled breach. It said it would notify victims by registered mail.

Solis-Reyes faces charges of Unauthorized Use of a Computer and Mischief in Relation to Data following his Tuesday arrest at his Ontario residence.