Fifty-one retail outlets owned the United Parcel Service (UPS) in the US have suffered a data breach potentially exposing payment data.
A government notice to several firms led to the detection of the virus, which may have allowed hackers to collect customer names, postal and email addresses, and card information between January 20 and August 11.
Tim Davis, president of the UPS Store, said: "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue.
"Our customers can be assured that we have identified and fully contained the incident."
Not all information may have been exposed for each customer, and the firm has not received evidence of fraud linked to the hack.
Infections are said to be confined to individual stores, which each run independent networks unconnected to other franchises.
"I understand this type of incident can be disruptive and cause frustration," Davis added. "I apologise for any anxiety this may have caused our customers."
Customers whose information has been exposed are being offered free identity protection and credit monitoring services.