Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums.
Fitzpatrick, who went by the online alias “pompompurin,” was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a $300,000 bond, and in July 2023, he pleaded guilty to the charges.
BreachForums was a major cyber crime marketplace that facilitated the trafficking of stolen data since March 2022. Prior to its shutdown, the website boasted of over 340,000 members.
Among the stolen items commonly sold on the platform were bank account information, Social Security numbers, personally identifying information (PII), hacking tools, breached databases, and account login information for compromised online accounts with service providers and merchants.
BreachForums also advertised services for gaining unauthorized access to victim systems. In all, millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies are estimated to have been impacted.
On top of that, Fitzpatrick operated a “Leaks Market,” acting as a trusted middleman (i.e., escrow) between individuals on the website who sought to trade hacked or stolen data, tools, and other illicit material.
“In addition, Fitzpatrick allegedly managed an ‘Official’ databases section through which BreachForums directly sold access to verified hacked databases through a “credits” system administered by the platform,” the U.S. Department of Justice said.
Court records obtained by DataBreaches.net show that Fitzpatrick’s mental health may have had a role in him escaping a prison sentence. A day before sentencing, prosecutors recommended a 15-year prison sentence for the defendant.
The 21-year-old is expected to serve the first two years of supervised release on home arrest with a GPS location tracker and undergo mental health treatment. He has also been ordered to refrain from using the internet for the first year and register with the state sex offender registration agency in any state where he resides.
The amount of restitution Fitzpatrick has to pay for victims’ losses has yet to be determined. Earlier this month, Fitzpatrick was jailed for violating the terms of his pre-sentencing release by using an unmonitored computer and a virtual private network (VPN).
That having said, law enforcement seizure of the domains in March 2023 has done little to stop the illegal service from going off the grid. In November 2023, BreachForums was resurrected by the infamous ShinyHunters group, who were previously known to be active on the Raid Forums, the takedown of which led to the launch of BreachForums.