The U.S. Department of Justice has resentenced Conor Brian Fitzpatrick, known online as Pompompurin, to three years in prison for operating the notorious cybercrime forum BreachForums and possessing child sexual abuse material (CSAM). Fitzpatrick, 22, from Peekskill, New York, had previously been sentenced to just 17 days of time served and 20 years of supervised release in January 2024. However, the U.S. Court of Appeals for the Fourth Circuit vacated this sentence, leading to the new, harsher punishment. Fitzpatrick pleaded guilty to one count of access device conspiracy, one count of access device solicitation, and one count of possession of child sexual abuse material.
The resentencing follows Fitzpatrick’s initial arrest in March 2023 and his guilty plea in July of that year. As part of his plea agreement, he agreed to forfeit a significant amount of assets, including over 100 domain names used to operate BreachForums, more than a dozen electronic devices, and cryptocurrency earned from his illicit activities. U.S. Attorney Erik S. Siebert for the Eastern District of Virginia emphasized the extensive nature of Fitzpatrick’s crimes, noting that he personally profited from the sale of a vast quantity of stolen personal and commercial data. Siebert also highlighted the “incalculable” human cost of his collection of CSAM, affirming that law enforcement will continue to pursue criminals who hide in the “darkest corners of the internet.”
BreachForums, which launched in March 2022 after the takedown of its predecessor RaidForums, was a criminal marketplace where bad actors could buy, sell, and trade stolen data from major companies worldwide. At its peak, the forum reportedly had around 330,000 members and contained over 14 billion individual records. Despite numerous attempts by law enforcement to shut it down, the forum has been relaunched multiple times under different domain names. In July 2024, the original BreachForums database was leaked online, exposing the information of its members.
The story of BreachForums continues to evolve, as it has been a persistent target for law enforcement. Last month, ShinyHunters, a group that took over the forum after Fitzpatrick’s arrest, announced that the marketplace had been compromised and was under the control of international law enforcement agencies. This claim came as the latest iteration of the forum, which had cropped up under a new domain, went offline. It posted a message stating that it and 14 other e-crime groups, including LAPSUS$ and Scattered Spider, had “decided to go dark.”
Ultimately, this case underscores the ongoing battle between cybercriminals and law enforcement. The resentencing of Conor Fitzpatrick to a meaningful prison term sends a clear message about the severity of these offenses. It demonstrates that the justice system is adapting to the complexities of online crime, with authorities willing to use all legal means to bring those responsible to justice. The continuous effort to dismantle forums like BreachForums highlights the persistent nature of cybercrime and the need for constant vigilance and coordinated international action.
Reference:
