Federal workers and retirees whose Social Security numbers and other financial information may have been stolen by Chinese hackers in an assault on Office of Personnel Management computers were given a roadmap to protect themselves Thursday night.

The Federal Trade Commission said current and past federal employees should examine their credit report for free at annualcreditreport.com for purchases and changes made by others.

Even if the breach didn’t involve credit card information, the FTC warned thieves may use Social Security number, address and date of birth to open accounts in a victim’s name.

The agency also urged workers and retirees at risk to put a fraud alert on credit reports so their identity must be verified before an institution can make a loan. An alert can be placed by calling TransUnion at (800) 680-7289, Experian at (888) 397-3742 and Equifax at (888) 766-0008.

The FTC said OPM will be notifying current and past federal workers what specific information was stolen about them.

Consumers whose bank account, credit card or debit card information was obtained by the thieves should cancel their accounts and cards and ask for new ones.

Automatic payments should be changed to the new number.

Over four million federal workers and retirees may have had their personal financial information obtained by the hackers.