The owner of the infamous cybercrime website BreachForums was resentenced to prison, after his initial sentence of supervised release was vacated.
The man, Conor Brian Fitzpatrick, 22, of Peekskill, New York, was arrested and charged in March 2023, and BreachForums was taken down only days after.
According to court documents, Fitzpatrick admitted to being the owner and administrator of BreachForums, under the moniker of Pompompurin. He also agreed to forfeit over 100 domain names linked to the cybercrime marketplace.
In January 2024, he was sentenced to time served and 20 years of supervised release. However, between his arrest and sentencing, he stayed in jail for only 17 days, as he was granted pretrial release on bond, and arrested again before sentencing for violating the conditions of the bond.
In January 2025, the US Court of Appeals for the Fourth Circuit issued an opinion vacating the sentence and remanded the case for resentencing. Fitzpatrick was now resentenced to three years in prison for his role in operating BreachForums and for possessing child sexual abuse material.
Launched in March 2022 and also known as Breached, BreachForums became one of the largest cybercrime marketplaces, growing to over 330,000 members after cybercrime marketplace RaidForums was seized by law enforcement in February 2022.
During its one-year existence, BreachForums became popular for selling personally identifying information (PII), usernames and passwords, and bank account information.
The marketplace maintained and offered roughly 890 data sets of stolen information containing over 14 billion individual records of PII, the US Department of Justice says.
These datasets contained, among others, information on millions of users of telecommunications providers, social networking sites, and healthcare services. One database contained details on 87,760 members of InfraGard (an FBI-private sector partnership for protecting critical infrastructure).
“Conor Fitzpatrick personally profited from the sale of vast quantities of stolen information, ranging from private personal information to commercial data. These crimes were so extensive that the damage is difficult to quantify, and the human cost of his collection of child sexual abuse material is incalculable,” US Attorney Erik S. Siebert said.
After Fitzpatrick was arrested, a new BreachForums marketplace was launched by an individual known as Baphomet and the notorious ShinyHunters cybercrime group. It was shut down by law enforcement in May 2024, relaunched two weeks later, and was shut down again in April 2025.
Related: Developer Who Hacked Former Employer’s Systems Sentenced to Prison
Related: Scattered Spider Hacker Sentenced to Prison
Related: Hacktivist Sentenced to 20 Months of Prison in UK
Related: UK Student Sentenced to Prison for Selling Phishing Kits
