Canada’s tax-collection agency confirms that the Heartbleed vulnerability was to blame for the loss of tax-related information. During the patching process, the CRA discovered that the vulnerability had already been exploited, and someone managed to collect the Social Insurance Numbers (SIN) of approximately 900 people. The flaw allows an attacker to retrieve data stored in the webserver’s memory in 64kb chunks. Those impacted by the data breach will be contacted by mail, and will be given a dedicated 800 number to obtain additional information.”]