Up to this point, the company has no evidence that any information was stolen. They began notifying clients as a cautionary procedure and warned that if credentials were stolen from the company, customers should be on the lookout for further attacks. Although it is not confirmed that data was stolen, anyone who had an account from Barnes & Noble should begin the process of changing their password and ensure that the old password was not re-used on any other platforms. People should also be aware of phishing attacks targeting their associated email. Another good practice when making accounts on websites is to see if Multi-Factor Authentication (MFA) is available and set it up when it is. This will help prevent attacks if credentials are stolen until the affected parties get a chance to change their password. More can be read here: https://www.infosecurity-magazine.com/news/cyberattack-on-major-us-bookseller/