Conor Brian Fitzpatrick, the founder and admin of the BreachForums, has been resentenced to three years in prison after his earlier sentence was overturned in January this year.
Fitzpatrick, who operated under the alias Pompompurin, created the notorious forum after an FBI sting operation took down RaidForums in 2022.
In March 2023, Fitzpatrick identified himself as Pompompurin and admitted to running the forum following his arrest. In July that year, the BreachForums founder pleaded guilty to conspiracy to commit access device fraud, access device solicitation, and possession of child sexual abuse material.
While prosecutors originally pursued a sentence of more than 15 years, Fitzpatrick was handed a sentence of 17 days (time served) and 20 years of supervised release.
According to the US Department of Justice (DOJ), this latest development came after a US appeals court vacated his prior sentence and remanded the case for resentencing.
“Today’s sentence demonstrates the Justice Department’s unwavering commitment to bringing to justice those who seek to sell stolen data to the highest bidder,” said acting assistant attorney general Matthew R. Galeotti of the Justice Department’s Criminal Division.
“To those seeking to operate a similar forum, take note: we will tirelessly investigate those who commit these crimes.”
BreachForums quickly became a haven for cyber criminals after RaidForums was taken down in 2022, boasting over 330,000 members and selling stolen data to the highest bidder.
Data hosted on the site included an array of personal information according to court documents, including bank account details, social security numbers, and usernames and passwords for various online accounts.
“BreachForums also maintained and offered access to at least 888 dataset of stolen information containing over 14 billion individual records of PII,” according to the DOJ.
Analysis of data hosted on the site was found to include a database containing the names and contact information for around 200 million users of a “major US-based social networking site”.
Another, the DOJ said, included details on over 87,000 members of InfraGard, an information sharing partnership between the FBI and private sector organizations.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Jaguar Land Rover says IT disruption set to continueNews The automotive manufacturer is still not fully operational after the recent cyber attack
-
Nearly 700,000 customers impacted after insider attack at US fintech firmNews FinWise, which provides loans on behalf of US financial services firms, revealed a former employee accessed sensitive customer information after leaving the firm.
-
How to check if you’ve been affected by Salesforce attacks – and stop hackers dead in their tracksNews The FBI has issued a fresh advisory over the threat posed to Salesforce customers by two threat groups. Here's how you can stay safe and mitigate any risks.
-
Kids hacking for kicks are causing security headaches at schoolsNews More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
-
Mobile app security is a huge blind spot for developer teams – 93% are confident their applications are secure, but 62% reported breaches last yearNews Organizations are overconfident about their mobile app security practices, according to new research, and it’s putting enterprises and consumers alike at risk.
-
LNER warns customers to remain vigilant after personal data exposed in cyber attackNews LNER has warned customers to remain vigilant for social engineering attacks after a cyber attack on the rail operator exposed personal data.
-
Jaguar Land Rover u-turns on cyber attack containment claims, admits ‘some data has been affected’News Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which severely disrupted production.
-
Everything we know about the Plex data breach so farNews Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
