If the Internal Revenue Service hasn’t notified you that your identity has been stolen, that doesn’t mean it wasn’t… or that the IRS won’t still take your money and blame the Social Security Administration or your tax preparer for not alerting you.

The Treasury Inspector General for Tax Administration (TIGTA) released a damning report on Tuesday about the inability of the IRS to notify victims of identity theft, even though the agency “is in a unique position to identify cases in which a taxpayer’s [Social Security Number or] SSN has been compromised.”

IRS failed to alert 100,000+ taxpayers damaged by massive data breach – inspector generalhttps://t.co/fypalN8rRYpic.twitter.com/4INH7POgvS — RT America (@RT_America) June 8, 2016

Between February 2011 to December 2015, the IRS identified almost 1.1 million taxpayers who had been victims of employment-related identity theft, which is when someone ‒ usually an illegal immigrant ‒ uses a person’s SSN to get a job.

The IRS is able to identify when such a theft happens after electronic tax returns are filed, and the individual taxpayer identification number doesn't match income documents associated with the accompanying SSN.

Another avenue that identity thieves are taking is through tax preparers. On Tuesday, the IRS released a video that warns tax professionals that cybercriminals increasingly are targeting their offices and their data, and urges them to take the necessary steps to protect themselves and their clients.

Once the IRS discovers the identity theft, though, nothing happens. The victim is not notified, nor are other government agencies. The agency has previously said that federal law prevents it from telling taxpayers who stole their identity, the Washington Times reported.

“The IRS has not established an effective process to ensure that the required notice is sent to the Social Security Administration (SSA) to alert it of earnings not associated with a victim of employment-related identity theft,” the report found.

“The lack of a formal process to ensure that the SSA is notified of income not associated with an innocent taxpayer is problematic because this notification is essential to ensure that victims’ Social Security benefits are not affected,” it added.

The lack of notification is not a new problem. In April 2014, the IRS started a pilot program that would notify taxpayers that they may be a victim of employment-related identity theft. They would have then needed to take action to “claim they are a victim of identity theft and request that the IRS not make assessments based on income earned by an identity thief.”

The program failed, though, because it did not use a representative sample of victims, TIGTA said. The IRS decided to try again with a pilot program in which the agency would mail letters to a more representative sample of taxpayers.

“However, this pilot was cancelled due to a lack of funding and other competing priorities,” the report found. “Without proper notification, taxpayers are likely unaware that they are victims and will not know the additional steps they should take to protect themselves from financial harm.”

The IRS has long complained of a lack of money, blaming Congress for underfunding the agency and hampering its ability to enforce laws.

“Over the last five fiscal years, with roughly a 10 percent reduction in funding from 2010 to 2015, Congress has cornered the IRS into cherry picking what services it can afford to provide American taxpayers,” Senator Tom Carper (D-Delaware) said at a Senate Finance Committee hearing in April, when the issue first came to light. “When it comes to protecting American taxpayers’ sensitive information online, Congress continues to ask the IRS to do more with less by enacting deep and damaging cuts to the agency’s budget.”

Read more

For the fiscal year 2016, which began October 1, 2015 and ends September 30, 2016, the IRS’s funding was increased by $290 million to $11.2 billion, a sum which included assets to fight cyber fraud and identity theft.

At that same hearing, IRS Commissioner John G. Koskinen told senators that it may take new legislation from Congress to let his agency inform taxpayers they’d been the subject of identity theft.

“All of us can agree that victims need to know that they’re victims, and need to know that an agency of the federal government, whether it’s IRS or whether it’s SSA, or both, ought to have some ability to talk to each other,” Senator Dan Coats (R-Indiana) said at the time.

Coats has, in fact, proposed legislation that he has touted as the only way to fix the problem identified by TIGTA.

“It is stunning that the IRS has chosen to aid and abet identity thieves for so long instead of protecting the innocent victims of the theft,” Coats said in a statement in response to the report. “I hope that this report and my legislation will force the IRS to do the right thing.”

The IRS is less concerned with identity theft, however, than it is with making sure that the taxes are paid, regardless of who’s paying them, Koskinen said at both that hearing and a House Small Business Committee hearing the following day.

"Our job is to make sure people pay the taxes they owe from the earnings they've had," Koskinen told representatives in April. "To the extent that they're here under circumstances that don't meet the immigration laws or don't correspond with the Social Security Administration, it's really [other] agencies' job to pursue that."

“We have Social Security and immigration authorities and others who enforce that part of the law, and if we start looking behind the system and doing their job for them, we’re going to discourage a lot of people from paying the taxes they owe,” he added.