WASHINGTON, Sept. 18, 2025 – A New York man has been resentenced to three years in federal prison for operating BreachForums, a prominent cybercriminal marketplace, and for possession of child sexual abuse material (CSAM).
Conor Brian Fitzpatrick, 22, of Peekskill, New York, was originally sentenced to time served in the Eastern District of Virginia. However, the U.S. Court of Appeals for the Fourth Circuit vacated that sentence on Jan. 21, 2025, and ordered a resentencing, which took place earlier today.
Fitzpatrick pleaded guilty to access device conspiracy, access device solicitation, and possession of CSAM. He admitted to founding and operating BreachForums beginning in March 2022 following the law enforcement takedown of RaidForums. BreachForums quickly grew into one of the largest English-language hacking forums, with over 330,000 users and access to at least 888 stolen datasets containing more than 14 billion records of personal identifying information (PII).
The site was used to distribute stolen data from financial institutions, health care providers, telecommunication companies, and government-affiliated entities. One breach exposed records of 200 million users from a major U.S. social media platform; another revealed the details of nearly 88,000 members of InfraGard, a public-private partnership with the FBI.
As part of the plea agreement, Fitzpatrick agreed to forfeit over 100 domain names, more than a dozen electronic devices, and cryptocurrency linked to the forum’s operations.
The case was investigated by the FBI’s Washington Field Office and prosecuted by the DOJ’s Computer Crime and Intellectual Property Section and the U.S. Attorney’s Office for the Eastern District of Virginia. It is part of both Project Safe Childhood and the DOJ’s broader effort to combat cybercrime.
