"Pompompurin" resentenced: BreachForums creator heads back behind bars

Conor Brian Fitzpatrick, the creator of the notorious BreachForums hacking forum, has been resentenced to three years in prison after a US appeals court overturned his prior sentence of time served and 20 years of supervised release.

Fitzpatrick, 22, of Peekskill, New York, operated the BreachForums marketplace where criminals traded hacked and stolen data - including bank account details, social security numbers, hacking tools, breached databases, passwords, and more.

Fitzpatrick, who used the online handle "Pompompurin", created BreachForums in the wake of the FBI's shutdown of its predecessor RaidForums.

RaidForums had been operating since 2015, and was considered one of the world's largest hacking forums with a community of over half a million users. Upon its demise in 2022, many of RaidForums' users jumped ship to Fitzpatrick's newly-created BreachForums to trade their stolen data.

Fitzpatrick helped support other cybercriminals buy and sell stolen data, hacking tools, and other illicit material, and profited by charging users for BreachForums credits and membership fees.

His criminal scheme came crashing down in March 2023 when the Department of Justice announced that it had disrupted the BreachForums website, and arrested its administrator.

By July 2023, Fitzpatrick had pleaded guilty to hacking charges and the possession of child sexual abuse material, and found himself awaiting sentencing.

While he was waiting for his trial, Fitzpatrick was released on bond - under condition that he did not use a PC without monitoring software controlled by the pretrial services offices, and not use a VPN. Unwisely for Fitzpatrick, those were promises that he found impossible to keep - and having violated the conditions, Fitzpatrick was arrested again in January 2024.

Finally, in January of this year, Fitzpatrick found himself receiving a surprisingly lenient sentence for his role in managing the BreachForums hacking site. While prosecutors had been seeking to see "Pompompurin" sentenced to more than 15 years in prison, Fitzpatrick ended up being sent to jail for just 17 days.

The end of the story? It seems not.

Because now Fitzpatrick has begun a new three year prison sentence, following the involvement of the US Court of Appeals for the Fourth Circuit.

"Following the dismantlement of RaidForums by law enforcement, the defendant set up and administered BreachForums, an online bazaar where criminals could purchase sensitive data," said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. "Today’s sentence demonstrates the Justice Department’s unwavering commitment to bringing to justice those who seek to sell stolen data to the highest bidder. To those seeking to operate a similar forum, take note: we will tirelessly investigate those who commit these crimes."

And what of BreachForums? Well, Fitzpatrick may no longer be running it - but it is still operating under a new domain, exploiting the notoriety that of a brand first created by Conor Brian Fitzpatrick.