BreachForums admin to be resentenced after appeals court slams supervised release

The founder and administrator of the cybercrime platform BreachForums will be resentenced after a three-judge panel vacated a controversial district court decision that set him free after just 17 days in prison. 

In a written decision published on Tuesday, Appellate Court Judge Paul Niemeyer slammed the District Court for the Eastern District of Virginia for giving Conor Fitzpatrick 20 years of supervised release after he pleaded guilty to a range of charges that included possession of child pornography and conspiracy to traffic in stolen personally identifying information. 

Fitzpatrick received the light sentence, Niemeyer said, because of his age — 21-years-old at sentencing — and his autism spectrum disorder diagnosis, leading the district court to conclude he would not receive adequate treatment in prison “and that he would be ‘ravaged’.” 

“On appeal, the government contends that the district court abused its discretion by imposing a substantively unreasonable sentence. We agree. Accordingly, we vacate the sentence and remand for resentencing,” he wrote.

Fitzpatrick was arrested in 2023 at his parent’s New York home and admitted to being BreachForums’ leading administrator “pompompurin” in interviews with the FBI. The Justice Department said BreachForums facilitated access to the sensitive personal information of millions of U.S. citizens and Fitzpatrick was involved in cybercrime cases involving the theft of information from the FBI as well as Washington, D.C.’s healthcare marketplace. 

Even after his plea hearing and release months later, Fitzpatrick violated the court’s conditions by accessing the internet and participating in Discord chatrooms through a new iPhone and VPN connection. 

“During his chatroom conversations, Fitzpatrick professed innocence to the very crimes to which he had pleaded guilty, stating that his plea deal was ‘so BS’ and that he had ‘wanted to fight it,’” Niemeyer said.

“He also joked with his friends about selling data to foreign governments, exhorting one user to ‘become a foreign asset to china or russia’ and to ‘sell government secrets.’ The chatroom participants also discussed hacking various targets.”

Fitzpatrick was detained in January 2024 for these parole violations.

Relying on testimony from two doctors who said he had autism and would not commit sex-related offenses again, the district court judge then sentenced Fitzpatrick to 17 days of time served and 20 years of supervised release, arguing the U.S. prison system could not protect him and that his parents would supervise him. 

Niemeyer slammed that decision, calling it “substantively unreasonable” and noting that it ignored Fitzpatrick’s role in creating and operating “the largest ever English-language online marketplace for buying and selling stolen personal data, which featured over 14 billion individual records of millions of persons.” 

He also noted that Fitzpatrick downloaded “at least 600 images of child pornography and viewed prepubescent girls engaging in sexual acts.”

“This sentence was even below what Fitzpatrick’s friends on the Internet in chats after his guilty plea had jokingly expected that he would receive — ‘ur gonna get like a month,’” Niemeyer wrote. 

“Moreover, the court does not appear to have considered how such an extreme variance might contribute to unwarranted sentencing disparities. The court seemingly failed to consider that Fitzpatrick immediately and continuously violated the conditions of his presentence release while at home under the supervision of his parents. Indeed, Fitzpatrick committed the very offenses at issue while living at home with his parents.”

Niemeyer added that in subsequent conversations with his friends, Fitzpatrick lied and said he never viewed child pornography. 

Niemeyer said the panel of judges found that the district court’s sentence was “an abuse of discretion,” prompting them to vacate the sentence and remand him for sentencing. 

Fitzpatrick created BreachForums in March 2022 with the goal of facilitating the purchase and sale of personal information that had been stolen by hackers in data breaches. He created the site after law enforcement shuttered a previous platform called RaidForum. 

Fitzpatrick himself earned nearly $700,000 by acting as a middleman for transactions on the site.