The US Department of Justice has announced it arrested the founder of BreachForums, the world’s largest hacker forum, which operated as a marketplace for cybercriminals to buy, sell, and trade hacked or stolen data and other contraband since March 2022.

Conor Brian Fitzpatrick, 20, of New York, made his initial appearance in the Eastern District of Virginia on a criminal charge related to his alleged creation and administration of a major hacking forum and marketplace for cybercriminals that claimed to have more than 340,000 members as of last week.

In parallel with his arrest, the FBI and Department of Health and Human Services Office of Inspector General (HHS-OIG) has conducted a disruption operation that caused BreachForums to go offline, the Justice Department said in a statement.

Among the stolen items commonly sold on the platform were bank account information, social security numbers, other personally identifying information (PII), means of identification, hacking tools, breached databases, services for gaining unauthorized access to victim systems, and account login information for compromised online accounts with service providers and merchants.

“Like its predecessor RaidForums, which we took down almost a year ago, BreachForums bridged the gap between hackers hawking pilfered data and buyers eager to exploit it,” said Deputy Attorney General Lisa O. Monaco.

Buy Me a Coffee

“All those operating in Dark Net markets should take note: Working with our law enforcement partners, we will take down illicit forums and bring administrators to justice in U.S. courtrooms,” Monaco added.

READ
Hackers Breach Maxar Space Systems, Expose Employee Data

Fitzpatrick’s alleged victims have included millions of US citizens and hundreds of US and foreign companies, organizations, and government agencies.

Some of the stolen datasets contained the sensitive information of customers at telecommunication, social media, investment, health care services, and internet service providers.

Fitzpatrick is charged with conspiracy to commit access device fraud. If convicted, he faces a maximum penalty of five years in prison.