Last month, in the wake of a series of massive breaches at the federal Office of Personnel Management, the Army issued a bulletin warning that some victims were being hit by hackers a second time, this time with an email phishing campaign asking them to input personal information into a third-party website to receive credit monitoring.

Except it turns out the email in question was completely legitimate. It was sent en masse by the OPM contractor providing notification and credit-monitoring services to the agency’s hacking victims. Army and Air Force investigations of the “phishing scam” delayed by several days both victim notification and credit monitoring benefits to Defense Department personnel whose private information had fallen prey to OPM hackers. The emails notifying victims and linking to information about the monitoring only went through after spam filters were reset.

The confusion over the credit-monitoring emails appears to reflect a larger lack of coordination among government agencies following the announcement of the breaches, the first of which compromised the data of 4.2 million people and the second of which the OPM has said effected some 22 million people.

The Army warned people away from opening the email providing notification and free credit monitoring in unequivocal terms. “In recent days, we’ve learned of a new phishing attack that attempts to draw the attention of recipients with the subject line, ‘Important Message from the U.S. Office of Personnel Management CIO,'” said a June 9 threat intelligence alert. The alert was quoted in the Army Weekly Protection Information Bulletin 5-11 June 2015, obtained by The Intercept.

The alert added that while the “phishing” emails purport to be from the Office of Personnel Management’s chief information officer, “users are actually directed to a fake website and asked to enter private information.”

“Close the message immediately and report it as spam to the Cyber Security Network Defense Team,” the alert ordered.

The Army attempted to correct its alert in a separate bulletin issued days later, in which it said that probes by the Army Criminal Investigative Division and the Air Force’s Office of Special Investigations had determined that OPM, not hackers, had actually sent the emails asking Defense Department employees to provide personal information via a third-party site.