stop! thief!!

Tried to log in to one of my retirement accounts today, just to see how things were progressing. Couldn't do it, had a message to call. Called. "You have to talk to a supervisor." Passed to the supervisor, who ran through half a dozen questions to verify my identity, including stuff I never gave them, which must have come from a credit report.

Bottom line, someone got into my account on May 22, sold all of my stock and transferred the money to their own account. I was distressed. I expressed my displeasure at such a turn of events. The supervisor assured me that the investment company's software caught the "unusual activity" and halted the transfer of funds, though the sales were completed.

All of my responses to the questions were negative: no one has access to my password information, no one has watched me access the account, I've not done it in a public setting, I've not done it from another computer blah blah blah blah blah. So what is it? Apparently some kind of virus has invaded one of my computers and is operating a keystroke capture. I checked one of Mike's brokerage accounts and could not log in because of too many attempts. I'm annoyed and a little concerned, because I manage ALL of our financial life online, including a business account which pretty regularly gets good sized chunks of money in it.

Ever happen to you? What did you do?