Current and former federal employees should have received an email by now telling them if their personal information has been exposed.
The only problem is the email sent out looked to some like another hack attack.
Gerald Goodwin is a pharmacist and union leader at the VA hospital in Dallas. He is also one of approximately four million federal employees who had their personal information exposed from the U.S. Office of Personnel Management, including names, Social Security numbers and birth dates.
"I think it's inexcusable," said Goodwin. "Anything that you've ever put out on an app for federal employment or any questionnaires that you've found, the hackers have access to that information."
Goodwin got an email this week which told him to click a link to sign up for credit monitoring for 18 months. The email came from "Opmcio@csid.com" — a dot-com address, not a dot-gov address that many of the victims were expecting.
Some who received the email thought it was a phishing attack.
"Phishing attacks are when someone sends an email with a link and they trick them to open it," explained Rick Spurr, president and CEO of the cyber security company Zix.
That's what some federal workers thought was happening. The Federal Trade Commission even posted an article on how to tell if the email was the "real deal."
Although this was a legitimate email, security experts say workers were right to be worried because hackers are getting tricky by tailoring attacks to your interests. They may hack your email or check your social media to make the fake email look real.
"So I went to the ballgame this weekend. I bought baseball tickets. Well, if I got something back in the mail that said here's your link, I'm probably going to go, oh there they are," Spurr said.
For federal employees like Goodwin, the whole situation is maddening.
"Frankly I was appalled," he said, "that an agency like OPM wouldn't put in the cyber security measures to ensure that employees who have dedicated their lives to serve would at least be protected."
The OPM reports it stopped sending the emails briefly so they could be changed to make them more clear. If you're a federal employee or not, one of the the best ways to protect yourself is to freeze your credit. You can find out how to do it here.