“`html
In what specialists are describing as a groundbreaking legal resolution, the 22-year-old ex-administrator of the cybercrime forum Breachforums will relinquish nearly $700,000 to resolve a civil lawsuit from a health insurance firm whose client information was advertised for sale on the forum in 2023. Conor Brian Fitzpatrick, also known as “Pompompurin,” is scheduled for resentencing next month after confessing to access device fraud and possession of child sexual abuse material (CSAM).
A redacted screenshot of the Breachforums sales thread. Image: Ke-la.com.
On January 18, 2023, members of Breachforums listed for sale tens of thousands of records — comprising Social Security numbers, birth dates, addresses, and phone numbers — pilfered from Nonstop Health, an insurance provider headquartered in Concord, Calif.
Class action lawyers filed a lawsuit against Nonstop Health, which included Fitzpatrick as a third-party defendant to the civil case in November 2023, just months after he was apprehended by the FBI and faced charges of access device fraud and CSAM possession. In January 2025, Nonstop consented to pay $1.5 million to resolve the class action.
Jill Fertel is a former federal prosecutor leading the cyber litigation division at Cipriani & Warner, the legal firm that represented Nonstop Health. Fertel informed KrebsOnSecurity that this is the first instance where a cybercriminal or anyone connected to the security breach was directly identified in civil litigation.
“Civil plaintiffs are highly unlikely to recover seized funds from threat actors associated with the breach to be made available to individuals affected by the incident,” Fertel noted. “Our best outcome was to make this money accessible to the class, yet it remains the responsibility of the individuals in the class who were affected to claim it.”
Mark Rasch is a former federal prosecutor currently representing Unit 221B, a cybersecurity company located in New York City. Rasch expressed that he does not dispute that the civil settlement involving Fitzpatrick’s criminal conduct is a remarkable legal advancement.
“It is uncommon in these civil cases to identify the threat actor involved in the breach, and it is equally rare to apprehend them with adequate resources to settle a claim,” Rasch stated.
Despite acknowledging the possession of over 600 CSAM images and being the operator of Breachforums, Fitzpatrick was sentenced in January 2024 to time already served and 20 years of supervised release. Federal prosecutors contested this, claiming that his sentence did not appropriately reflect the gravity of his offenses or act as a deterrent.
An excerpt from a pre-sentencing report for Fitzpatrick reveals he possessed over 600 CSAM images on his devices.
Indeed, in the same month of his sentencing, Fitzpatrick was rearrested (PDF) for breaching the terms of his release, which prohibited him from utilizing a computer that lacked court-mandated monitoring software.
Federal prosecutors asserted that following his guilty plea, Fitzpatrick logged onto Discord and denied guilt regarding the very charges to which he had pleaded guilty, declaring that his plea agreement was “so BS” and that he had “wanted to contest it.” The authorities noted that Fitzpatrick also joked with acquaintances about vending data to foreign governments, urging one user to “become a foreign asset to China or Russia,” and to “sell government secrets.”
In January 2025, a federal appeals court concurred with the government’s position, overturning Fitzpatrick’s sentence and directing him to be resentenced on June 3, 2025.
Fitzpatrick established BreachForums in March 2022 to take the place of RaidForums, a similarly well-known crime forum that was raided and dismantled by the FBI the month prior. As the administrator, his other persona Pompompurin acted as a broker, personally vetting all databases available for sale on the forum and providing an escrow service for individuals interested in purchasing stolen information.
A yearbook image of Fitzpatrick discovered by the Yonkers Times.
The new platform rapidly drew more than 300,000 users and facilitated the sale of databases seized from numerous hacking victims, including some of the largest consumer data breaches in recent history. In May 2024, a revival of Breachforums was seized by the FBI and international allies. Additional revivals of the forum occurred subsequently, with the latest disruption occurring last month.
As KrebsOnSecurity reported last year in The Dark Nexus Between Harm Groups and The Com, it is increasingly typical for federal agents to uncover CSAM material during searches of devices confiscated from cybercriminal suspects. While mere possession of CSAM constitutes a serious federal offense, not all individuals caught with CSAM are necessarily creators or distributors. Fertel mentioned that certain cybercriminal circles have been known to require newcomers to share CSAM material to demonstrate that they are not federal agents.
“If you’re venturing into the darkest areas of the Internet, that’s how you verify you’re not law enforcement,” Fertel explained. “Law enforcement would never share that material. It would be criminal for me as a prosecutor to obtain and possess such images.”
Further reading: The settlement between Fitzpatrick and Nonstop (PDF).
“`