Connor Fitzpatrick, AKA Pompompurin, is going back to prison. The 22-year-old from Peekskill, New York, has been resentenced to another three years. He was the person behind BreachForums, a well-known website where hackers and buyers traded stolen data.
How BreachForums Started
BreachForums came online in March 2022. This happened right after law enforcement took down RaidForums, another major site. Many people who had used RaidForums quickly moved over. In only a short time, BreachForums grew into a massive community with over 330,000 members. It became the main English-speaking place for stolen data.
The forum made it easy to buy or share personal information. Bank account details, Social Security numbers, and passwords were all traded there. Prosecutors say the site hosted almost 900 stolen databases. Together, they held more than 14 billion records. Some of these came from big companies in telecom, social media, healthcare, and finance. One database included data from 200 million users of a U.S. social network. Another leak listed about 88,000 InfraGard members — people linked to the FBI’s private sector security program.
BreachForums wasn’t only about selling. Hackers also posted stolen data for free to show off or build their reputation. This made the site a mix of a marketplace and a stage where criminals competed for attention. Media often picked up on these leaks, which added to the forum’s fame.
Connection to RaidForums
BreachForums didn’t appear in a vacuum. RaidForums had been the main hub for years until it was seized by law enforcement in early 2022. When it was shut down, a hole opened in the underground scene. Fitzpatrick saw that gap and filled it. He styled BreachForums as the replacement, and it worked. Within months, it was bigger than any other English-language data market.
The Criminal Charges
Fitzpatrick pleaded guilty to three counts. The first was access device conspiracy. The second was access device solicitation. The third was possession of child sexual abuse material. That last charge had nothing to do with BreachForums itself, but it made the case far more serious. Prosecutors stressed that the harm from that material can’t be measured.
Under the plea deal, Fitzpatrick agreed to give up over 100 domain names linked to BreachForums. He also surrendered more than a dozen electronic devices and cryptocurrency profits made from the forum.
First Sentence and Appeal
At first, Fitzpatrick got a very light sentence. He was sentenced to “time served,” which was only 17 days in jail. Many people in the security community and beyond felt this was far too short. The case went to the U.S. Court of Appeals for the Fourth Circuit. In January 2025, the court threw out the original sentence. Judges said it didn’t fit the crimes. They sent the case back for a new ruling.
The New Sentence
On September 16, 2025, Fitzpatrick was given three years in prison. The Department of Justice made it clear that it wanted to set an example. Officials said the sentence shows their commitment to stopping those who run criminal marketplaces.
Matthew R. Galeotti, Acting Assistant Attorney General, explained that Fitzpatrick had stepped in after RaidForums was shut down. He built BreachForums into a replacement where criminals traded sensitive data. Galeotti said the new sentence should be a warning to anyone planning to run a similar site.
Erik S. Siebert, U.S. Attorney for the Eastern District of Virginia, noted that Fitzpatrick personally profited from stolen data sales. He said the scale of the crimes made the damage hard to measure, and that the child exploitation charge was “incalculable” in its human cost.
Brett Leatherman, Assistant Director of the FBI’s Cyber Division, added that the FBI will continue to target people who run these markets. He said the case shows that even administrators of dark forums can be reached by law enforcement.
High-Profile Leaks
BreachForums became linked to some of the biggest data leaks in recent memory. One of the largest was a dataset that claimed to include details of nearly a billion Chinese citizens. Other leaks involved telecom companies, hospitals, and major social media platforms.
The InfraGard breach stood out because of what it represented. InfraGard connects the FBI with private companies to help protect critical infrastructure. Having that membership data exposed raised concerns that criminals could target individuals involved in safeguarding key systems.
The Investigation
The FBI’s Washington Field Office handled the investigation. The case was prosecuted by Thomas Dougherty from the Department of Justice’s Computer Crime and Intellectual Property Section, along with Assistant U.S. Attorney Lauren Halper from the Eastern District of Virginia.
The DOJ noted that since 2020, the cybercrime unit has won more than 180 convictions and returned over $350 million to victims. The BreachForums case is one more example of how international and domestic cooperation can disrupt online crime.
