The ability to maintain the system frequency within specified operating limits is crucial for the stability and proper operation of power systems. Any small deviation out of the permissible frequency range must be well-mitigated by the automatic generation control (AGC) system, otherwise it may result in disruption of operation and/or damage to the power grid equipment. The data required by the AGC control system is sent to the control center through communication links which are susceptible to cyber attacks. Therefore, such AGC systems have to be well-protected against false data injection (FDI) attacks. In this paper, the use of a simultaneous input and state estimation based algorithm to detect and concurrently compensate for FDI attacks against the measurements of AGC systems is investigated. Throughout the use of this algorithm, the FDI attack signal is dealt with as an unknown input and its value is estimated accordingly. Then, the estimated value for the FDI is used to compensate for the effect of the attack so that the control center makes its decision based on the corrected sensor signals, and not the manipulated ones. The proposed approach is tested under different types of FDI attacks and the simulation results for a 2-area and a 4-area practical system confirm its ability to detect, estimate FDI attacks and successfully compensate for it.