Nope, just scareware. Use NoScript in browser, enable a firewall (eg. firewalld) and don't preview attachments in e-mails from unknown senders (unless your mail-provider provides proxy previews the attachments). Oh, and no reusing passwords.

https://support.google.com/a/answer/3299041?hl=en

Depends on your risk tolerance. Some entities can survive a single breached node, and some cannot. Those that have been breached, tend to be less tolerable (recency bias).