Your credit card and debit card payment information may have been stolen. Cybercriminals used a two-prong attack that let them scrape your payment information at hundreds of stores and restaurants.
Here's how it worked. Believe it or not, it started with a phishing email scam.
The hackers sent the affected stores emails with an attached Microsoft Word document. If they opened it and enabled macros, and many did, their point-of-sale systems were infected with a downloader called Punchbuggy. (Note: POS systems are where you swipe your payment card.)
That let the cybercriminals interact with the stores' POS systems. It gets worse.
Then, they used a memory-scraping tool called Punchtrack. They scraped payment card information that let them elevate their access to the POS systems.
Here's what we know so far. The names of the stores and restaurants have not been revealed, but there were hundreds of them. The good news is, Microsoft recently issued security patches to fix the flaws.
So what can you do to protect yourself?
First, make sure you're using the most up-to-date versions of Windows. To check that you are, on Windows 10: Start >> Settings >> Update & Security. Find out if your system is up to date under "Windows Update."
Then, make sure your computers, tablets and smartphones are protected with the best Internet security system available.