HHS, FBI Disrupt BreachForums Cybercriminal Marketplace
The HHS Office of Inspector General and the FBI forced BreachForums offline, disrupting a marketplace used by more than 340,000 cybercriminals to buy, sell, and trade stolen data.
Source: Getty Images
By Jill McKeon
- Thanks to a joint effort by the HHS Office of Inspector General (OIG) and the Federal Bureau of Investigation (FBI), a cybercriminal marketplace known as BreachForums was forced offline, the Department of Justice (DOJ) announced.
In addition, BreachForums founder Conor Brian Fitzpatrick, 20, of Peekskill, New York, was arrested in mid-March and made his first appearance in court on March 24. Fitzpatrick allegedly created and administered a major hacking forum that allowed its 340,000 members to buy, sell, and trade stolen data since March 2022.
The platform offered its users bank account information, hacking tools, Social Security numbers, breached databases, and account login information, along with other personally identifiable information (PII).
Millions of US citizens and hundreds of organizations have been impacted by Fitzpatrick’s alleged crimes, the DOJ stated. The stolen datasets included sensitive information pertaining to social media, healthcare services, internet service providers, and more.
“This case sends a clear message that illicitly stealing, selling, and trading the personal information of innocent members of the public will not be tolerated, and that malicious cyber actors will be held accountable,” said Special Agent in Charge Stephen Niemczak of HHS-OIG.
“HHS-OIG and our law enforcement partners remain dedicated to protecting the American public and the integrity of government networks and data from these egregious cyberattacks.”
The BreachForums takedown comes almost one year after the DOJ seized its predecessor marketplace, known as Raidforums. Both marketplaces allowed cybercriminals to gain access to and exploit troves of stolen data.
“Following the seizure of RaidForums last year, cybercriminals turned to BreachForums to buy and sell stolen data, including breached databases, hacking tools, and the personal and financial information of millions of U.S. citizens and businesses,” said Assistant Director in Charge David Sundberg of the FBI Washington Field Office.
“The FBI and our partners will not let cybercriminals and those who enable them profit from the theft of sensitive data while hiding behind keyboards. This arrest and disruption of yet another criminal marketplace demonstrates the potency of our joint work to dismantle the digital structures that facilitate cybercrime.”
Fitzpatrick is charged with conspiracy to commit access device fraud and could face a maximum penalty of five years in prison.
