FBI dismantles cybercrime forum boasting data connected to breach affecting US lawmakers

The FBI has dismantled a cybercrime forum that boasted having data connected to security breaches affecting U.S. lawmakers and millions of citizens. 

The Justice Department (DOJ) said in a release that Conor Brian Fitzpatrick, a 20-year-old man from Peekskill, N.Y., made his first appearance in court on Friday for a criminal charge he is facing from allegedly creating and administering a major hacking forum and marketplace for cybercriminals called BreachForums. 

The release states Fitzpatrick was arrested on March 15, and the FBI and inspector general’s office for the Department of Health and Human Services conducted a “disruption operation” that caused the site to go offline. 

Data stolen on the site includes bank account information, Social Security numbers, other personally identifying information, hacking tools and breached databases, according to court documents. 

“All those operating in dark net markets should take note: Working with our law enforcement partners, we will take down illicit forums and bring administrators to justice in U.S. courtrooms,” Deputy Attorney General Lisa Monaco said in the release. 

The release said the alleged victims of the website include millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations and government agencies. 

Fitzpatrick’s arrest comes after a “significant data breach” occurred earlier this month at DC Health Link, which administers health insurance plans to members of Congress and their staff members. 

Rep. Joe Morelle (D-N.Y.), the ranking member on the House Administration Committee, said this week that at least 17 current and former members of Congress had their data exposed in the leak. 

The DOJ explained in the release that Fitzpatrick allegedly created and operated a “Leaks Market” subsection of the website for buying and selling hacked or stolen data, tools to commit cybercrime and other illegal materials. 

The agency alleges that Fitzpatrick offered to serve as an intermediary between people who wanted to engage in these transactions. It also claims that Fitzpatrick oversaw an “official” databases section where his platform sold access to verified hacked databases through a “credits” system. 

Fitzpatrick has been charged with conspiracy to commit access device fraud and could face up to five years in prison if convicted.