Pompompurin, BreachForums Administrator, Sentenced to Three Years in Prison
Twenty-two-year-old American Conor Brian Fitzpatrick, better known by his alias Pompompurin, has received a new sentence in the case concerning the creation and administration of the notorious hacking forum BreachForums. An appellate court overturned his earlier punishment—which had amounted to time served in pretrial detention and twenty years of supervised release—and has now ordered him to serve three years in federal prison.
Fitzpatrick founded BreachForums in 2022 following the FBI-led takedown of RaidForums. The new platform quickly rose to prominence, becoming one of the largest English-speaking marketplaces for stolen data and illicit digital services. At its peak, the forum boasted over 330,000 registered members, offering access to corporate networks, telecom databases, social media accounts, healthcare providers, investment firms, and even government agencies. This activity epitomized black-hat hacking and cybercrime.
Law enforcement attention intensified after the D.C. Health Link breach, a healthcare service covering U.S. congressional staff and their families. The stolen data was put up for sale directly on BreachForums. Shortly thereafter, the forum was shut down and its administrator arrested.
Fitzpatrick was taken into custody on March 15, 2023, and admitted to being the individual behind the Pompompurin handle. By July, he had formally pleaded guilty to three charges: conspiracy to commit access device fraud, inducing others to traffic in access devices, and possession of materials involving minors. Such cases underscore the urgency of safeguarding personal data against leaks.
Initially, in January 2024, the court handed down a relatively lenient sentence—just 17 days of confinement, already served, coupled with long-term supervision, including house arrest, restricted internet access, monitoring software, and mandatory psychotherapy. Prosecutors, however, had pushed for a sentence exceeding 15 years and promptly filed an appeal.
Upon review, the higher court discovered that Fitzpatrick had repeatedly violated the terms of his release, using VPNs and unregistered devices to access the internet. These infractions proved decisive: in January 2025, the appellate court deemed the original punishment excessively lenient and remanded the case for reconsideration. Such underground forums, the court noted, often fuel the trade of stolen data across dark web leak sites.
At the new hearing, Fitzpatrick was sentenced to three years of imprisonment on all counts. The court cited his systematic violations of release conditions and his refusal to surrender devices through which he continued secret online activity.
BreachForums has entered history as the successor to RaidForums and, during its brief existence, became a pivotal hub of the cybercriminal underworld. Its closure and the sentencing of its administrator mark a symbolic milestone in the U.S. government’s ongoing campaign against clandestine marketplaces for stolen data—platforms that pose grave threats, from cyberterrorism to large-scale assaults on information systems.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
