Swift action has stopped an attack that stole credit and debit card details from retailers in 11 nations.
The attack, which used a malicious program called "Chewbacca", was discovered by security company RSA.
The server at the centre of the attack has now been shut down but not before thieves managed to grab details of 24 million transactions.
Retailers in 11 separate nations fell victim to the attack including shops in Russia, Canada, Australia and the US.
In the blogpost detailing the shutdown, security analyst Yotam Gottesman said the thieves grabbed data from equipment at cash tills in "several dozen" shops. RSA has contacted the shops and told them about the attack.
On point-of-sale equipment the malicious software disguised itself as a file that handled printing.
It was given the name "Chewbacca" because the login page for the server collating data from infected machines features a picture of the Star Wars wookie.
The group behind the attack tried to hide its tracks by routing stolen data through the Tor network that many people use to hide where they are browsing from.
Chewbacca comes in the wake of an attack on giant US retailer Target in late 2013. That attack also inserted malware on cash tills and card swipe devices and managed to scoop up details of more than 40 million credit and debit cards.
Luxury department store Neiman Marcus was also hit by thieves who used a similar tactic to grab card and personal details.
The attacks led the FBI to issue a warning to retailers alerting them to the changing attack patterns used by thieves and asking them to be vigilant about their point-of-sale equipment.