Meijer mPerks point theft: Michigan man accused of selling shoppers' logins after unrelated data breach

Meijer suffered a loss of more than $1 million after customers' mPerks account information was stolen by a Michigan man and sold online. 

Nicholas Mui, 22, of Grand Haven is charged with one count of conducting a criminal enterprise, one count of use of a computer to commit a crime, and seven counts of identity theft stemming from the alleged theft.

Michigan Attorney General Dana Nessel says Mui obtained login credentials from a separate data breach and cross-referenced those credentials for access success with mPerks. He then allegedly sold this information.

Those who purchased the login information used customers' accrued mPerks purchase points for their own purchases. Points are earned by shoppers and can be used as cash for future purchases. 

Meijer learned about the thefts when customers complained about vanishing points in April and May 2023. This led to an investigation by the Fraud Investigation Section of the Michigan State Police. In September, a search warrant was executed and more $400,000 in cash and cryptocurrency was seized in connection with the operation. 

The company has reinstated the balances that were stolen from customers' accounts.

"This theft operation affected hundreds of Meijer customers and mPerks account holders, and cost the grocery chain over one million dollars," said Nessel.  "It is our belief we apprehended the main operative and driver of this sophisticated, wide-spread criminal enterprise, and I’m grateful for the partnership between my FORCE Team, the Michigan State Police, and Meijer." 

Related

Arrests made in high-end burglaries case, 'flashmob' thefts at Lululemon and Ulta stores in Michigan

Three Chilean nationals were charged with burglarizing rich homes back in February, while three others were charged with robbing several Ulta and Lululemon stores around metro Detroit.

Nessel is using what happened as a warning about password security. 

"If you are notified of a data breach, you should be changing your login credentials not just with that breach point platform, but also for any other accounts for which you use the same login credentials," she said. "Additionally, consumers should be changing their passwords at regular intervals, and not employing the same usernames and passwords across multiple platforms." 

Meijer sent FOX 2 the following statement regarding the data breach:

"We appreciate the efforts of the Michigan State Police and the Attorney General’s FORCE Team, in partnership with our Asset Protection team, to bring this individual to justice. This situation highlights the importance of changing passwords often and not using the same password for multiple platforms. We encourage any customer who believes they were a victim of this individual’s actions to contact Meijer customer care at 1-877-363-4537."

Watch FOX 2 News Live

Crime and Public SafetyAround MichiganNews