BreachForums Hacking Forum Admin Resentenced to Three Years in Prison

Conor Brian Fitzpatrick, the 22-year-old behind the notorious BreachForums hacking forum, has been resentenced to three years in prison after a federal appeals court overturned his prior sentence. The case marks a significant turning point in the ongoing saga of one of the largest and most notorious English-language hacking forums, which was shut down by the FBI last year.

Fitzpatrick, who operated under the alias "Pompompurin," created BreachForums in 2022 after the FBI took down RaidForums. The forum quickly gained notoriety for its illicit activities, including trading and selling stolen data from telecom providers, social networks, healthcare companies, investment firms, and government agencies.

Fitzpatrick was arrested on March 15, 2023, and charged with conspiracy to solicit individuals to sell unauthorized access devices. At the time of his arrest, he admitted to FBI agents that he was Pompompurin and the administrator of BreachForums.

A Turbulent Appeal Process

Fitzpatrick initially pleaded guilty to Conspiracy to Commit Access Device Fraud, Solicitation for the Purpose of Offering Access, and Possession of Child Pornography. However, his case took an unexpected turn when he violated his pretrial release conditions by using the internet on unmonitored devices.

"After he entered his guilty pleas, the defendant used VPN services to conceal his use of the Internet and repeatedly utilized an unauthorized and unmonitored electronic device (or devices) to avoid detection by pretrial services," reads court documents regarding the resentencing. "Even now, the defendant has not provided pretrial services or the government with this unmonitored device (or devices)."

Despite prosecutors seeking more than 15 years in prison, Fitzpatrick was initially sentenced to time served, which included 17 days in jail and 20 years of supervised release. Under that sentence, he was placed on home confinement with GPS monitoring for two years, barred from internet access during his first year of release, required to install monitoring software on his devices, and required to undergo mental health treatment.

A New Sentence Takes Shape

However, the Department of Justice appealed the sentence, arguing that it was insufficient. In January 2025, the U.S. Court of Appeals for the Fourth Circuit vacated the original sentence and remanded the case for resentencing.

Today, Fitzpatrick was given a new three-year prison term on three counts: conspiracy to commit access device fraud, solicitation for the purpose of offering access devices, and possession of CSAM (Child Sexual Abuse Material). The revised sentence marks a significant increase from his initial sentence, reflecting the severity of his crimes.

The Rise and Fall of BreachForums

BreachForums was a hacking forum that rapidly grew into one of the largest English-language hacking forums, boasting over 330,000 members. The site became notorious for its illicit activities, including trading and selling stolen data from telecom providers, social networks, healthcare companies, investment firms, and government agencies.

However, it faced increasing pressure from law enforcement after a threat actor breached D.C. Health Link, a healthcare provider for U.S. House members, their staff, and their families, and began using the forum to sell and leak stolen data. It was soon after this breach that the FBI seized BreachForums and arrested Fitzpatrick.

Conclusion

The resentencing of Conor Brian Fitzpatrick marks a significant milestone in the ongoing saga of one of the largest and most notorious English-language hacking forums. The case serves as a reminder of the importance of law enforcement efforts in disrupting illicit activities online and protecting individuals from cybercrime.

Related Stories: