A New York man received a three-year prison sentence for creating and operating BreachForums, one of the world's largest hacker forums, and for possessing child sexual abuse material.
What happened
The Justice Department resentenced Conor Brian Fitzpatrick, 22, of Peekskill, New York, to three years in prison on Tuesday. Fitzpatrick pleaded guilty to one count of access device conspiracy, one count of access device solicitation, and one count of possession of child sexual abuse material. The resentencing occurred after the U.S. Court of Appeals for the Fourth Circuit vacated Fitzpatrick's prior sentence of time served (17 days) and ordered a new sentencing hearing. As part of his plea agreement, Fitzpatrick forfeited over 100 domain names used in BreachForums' operation, more than a dozen electronic devices, and cryptocurrency proceeds from the scheme.
The backstory
BreachForums launched in March 2022 as a replacement for RaidForums, a major English-language hacking forum that law enforcement seized in February 2022. The platform grew into one of the world's largest English-language hacking forums, attracting over 330,000 members. Like its predecessor, BreachForums gained notoriety by selling access to high-profile database breaches containing sensitive personal information.
Going deeper
BreachForums maintained and offered access to at least 888 datasets of stolen information containing over 14 billion individual records of personal identifying information. The platform sold bank account information, social security numbers, usernames, passwords, and other sensitive data from various sectors including telecommunications, social media, investment services, healthcare, and internet service providers. Notable datasets included names and contact information for approximately 200 million users of a major U.S.-based social networking site and details of approximately 87,760 members of InfraGard, a partnership between the FBI and private sector companies focused on critical infrastructure protection.
What was said
"Following the dismantlement of RaidForums by law enforcement, the defendant set up and administered BreachForums, an online bazaar where criminals could purchase sensitive data," said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department's Criminal Division. "Today's sentence demonstrates the Justice Department's unwavering commitment to bringing to justice those who seek to sell stolen data to the highest bidder."
U.S. Attorney Erik S. Siebert for the Eastern District of Virginia stated, "Conor Fitzpatrick personally profited from the sale of vast quantities of stolen information, ranging from private personal information to commercial data. These crimes were so extensive that the damage is difficult to quantify, and the human cost of his collection of child sexual abuse material is incalculable."
Assistant Director Brett Leatherman of the FBI's Cyber Division said, "The FBI is working tirelessly to dismantle criminal marketplaces like BreachForums, and we are pursuing the full range of actors who run these platforms. Today's sentencing demonstrates that anyone who helps others profit from theft, fraud, and other cybercrimes is not out of reach."
By the numbers
- BreachForums had over 330,000 members
- The platform maintained at least 888 datasets of stolen information
- These datasets contained over 14 billion individual records of personal identifying information
- One database contained information for approximately 200 million users of a major U.S.-based social networking site
- Another database included details of approximately 87,760 InfraGard members
- Fitzpatrick forfeited over 100 domain names
- Since 2020, the Computer Crime and Intellectual Property Section has secured convictions of over 180 cybercriminals
- Court orders have returned over $350 million in victim funds
Why it matters
This case demonstrates the Justice Department's efforts to target cybercriminal marketplace operators following the pattern established with RaidForums' seizure. The resentencing sends a clear message that initial lenient sentences for cybercrime operators can be challenged and overturned, particularly when the scale of harm involves billions of compromised records. The forfeiture of cryptocurrency and domain names establishes important precedents for dismantling the infrastructure that enables these criminal marketplaces. Healthcare organizations should pay attention since stolen healthcare data was among the datasets traded on the platform, highlighting ongoing threats to patient information security.
The bottom line
The three-year sentence and asset forfeiture represent an escalation in consequences for cybercriminal marketplace operators. Organizations handling sensitive data must recognize that their information may be actively traded on platforms like BreachForums and invest accordingly in breach prevention and detection capabilities.
FAQs
What types of criminals typically used BreachForums?
The forum attracted hackers, fraudsters, and identity thieves seeking to buy or sell stolen data.
What role did cryptocurrency play in enabling these transactions?
Cryptocurrency provided anonymity and made it harder for law enforcement to track payments.
How does the forfeiture of domain names affect the cybercrime ecosystem?
Seizing domain names disrupts access to criminal marketplaces and prevents quick reactivation.
Why is healthcare data especially valuable on hacking forums?
Healthcare records contain personal details that can be exploited for identity theft and fraud.
