A programming error kept the IRS from notifying hundreds of thousands of identity theft victims about criminals using their Social Security numbers to get themselves jobs in 2017, according to an internal investigation.

Last year, more than half a million Americans had their identities used by others to get hired, but only first-time victims received a notification from the IRS, the Treasury Inspector General for Tax Administration found. As a result, nearly 460,000 previous victims of employment identity theft were left in the dark about their information getting stolen yet again.

“Most identified victims remain unaware that their identities are being used by other individuals for employment,” TIGTA wrote in its report.

Auditors determined a programming error limited theft notifications to only those who were not labeled as victims in prior years. The inspector general brought the error to the attention of the IRS in April 2017, and the agency said it planned to implement a correction by Jan. 27.

IRS could not confirm to Nextgov whether the system has been updated.

To spot employment identity theft, IRS compares the Individual Taxpayer Identification Numbers and Social Security numbers on electronically submitted tax returns. When it finds a mismatch, the agency alerts the individual their identity may be compromised.

Of the 112,445 people who received notifications in 2017, investigators found roughly 13.5 percent weren’t actually victims of identity theft. The false alerts most commonly stemmed from couples double-filing returns that included the other spouse's wages and Social Security numbers.

“Employment identity theft can cause a significant burden to innocent taxpayers, including the incorrect computation of taxes based on income that does not belong to them,” said investigators, adding, “erroneously marking taxpayers’ accounts with the employment identity theft marker causes taxpayer burden and confusion when they receive the [identity theft] notice.”

In addition to updating the identity verification system, TIGTA recommended the IRS tell as-of-yet unnotified victims their Social Security numbers were stolen and alert those who accidentally received identity theft alerts to the agency’s mistake.

IRS agreed with all recommendations.