If some action IS needed, look at the Strongbox reports, checking to see if just a few IPs are responsible for most of the attack. If so, those few IPs can be directly blocked via .htaccess or better yet via your firewall. On the other hand if the attempts are fairly evenly spread over thousands of IPs, we have some addon scripts you can use to help Strongbox more efficiently handle such a huge attack by automatically adding IPs to .htaccess or preferably to your firewall in an efficient manner.
On the other hand, there is another type of email that warns you of compromised passwords. If you get many of these with different user names that means many of your passwords are compromised. Most likely, the attacker has found some security hole in some PHP script you use and used it to download your whole password file. Because your password file is using decades old encryption that can be easily cracked, the attacker then decrypts all of your passwords and posts them on password sites. This can be a real headache. If this has NOT happened to you yet, imagine what it would be like if it did and consider upgrading your processor's password management script to our improved version with strong encryption. More information on how to prevent that and what to do if it has already happened is available on our site: