The Royal Canadian Mounted Police in Canada have made the first of what is sure to be several more arrests related to the exploitation of the Heartbleed bug.

Officials arrested and charged Stephen Arthuro Solis-Reyes with unauthorized use of a computer and mischief in relation to data following an incident that forced the Canadian Revenue Agency (CRA) to close its website for nearly a week.

The breach took place last Friday, just days after the security vulnerability made headlines around the world and before the CRA was able to patch their servers. The 19-year-old from London, Ontario, managed to snag around 900 Social Insurance numbers which are similar to Social Security numbers in the US.

Given the undetectable nature of the vulnerability, some are questioning exactly how law enforcement officials were able to track the suspect down in the first place. Some have speculated that he might have been caught trying to sell or use the stolen data but that isn’t confirmed.

It’s also unclear exactly when the attack may have taken place. Did he exploit the bug before it was made public or was he simply able to take advantage of it before it was patched?

News of the exploit, which relates to certain versions of software library OpenSSL, first surfaced on April 8. A patch has been available ever since but even still, there’s no way to know how often it was used and by how many people. The best course of action is to change your login credentials at all of the sites that were affected.