U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


February 15, 2018

Karen Kraushaar, Director of Communications
(202) 622-6500

Most Employment Identity Theft Victims Have Not Been Notified That Their Identities Are Being Used by Others for Employment

WASHINGTON – A computer programming error resulted in the Internal Revenue Service (IRS) not notifying 458,658 victims of employment-related identity theft that it identified in Processing Year (PY) 2017, according to an audit report that the Treasury Inspector General for Tax Administration (TIGTA) issued today.

Employment identity theft occurs when an identity thief uses another person's identity to gain employment. Employment identity theft can cause a significant burden to innocent taxpayers, including the incorrect computation of taxes based on income that does not belong to them.

TIGTA initiated this audit to assess the IRS's processes to notify employment identity theft victims in PY 2017. This included assessing the impact of the IRS's decision to notify only newly identified victims.

The IRS did not send the notice to any victims who had been identified as a victim of employment identity theft in previous years. A programming error limited notifications to only those victims whose information was identified on a PY 2017 return who were not previously identified as a victim. Each of these 458,658 taxpayer's SSNs were used on a tax return prior to PY 2017 and identified by the IRS as a victim of employment identity theft.

On September 27, 2017, the IRS prepared an information technology request to correct the programming error that was the source of the problem. In addition, the IRS plans to evaluate the results of its notice program after PY 2017, which is the first year of implementation, and determine an appropriate course of action with respect to previously identified potential victims of employment identity theft who were not victims in PY 2017.

Finally, 15,168 (13.5 percent) of the 112,445 employment identity theft notices that the IRS issued in PY 2017 were erroneously sent to taxpayers who were not employment identity theft victims. In most instances, these taxpayers were the spouses of taxpayers who filed legitimate tax returns reporting the spouses' wages and Social Security Numbers. The IRS mistakenly placed an employment identity theft marker on the spouses' tax accounts, which then generated the notices.

"Taxpayers need to be notified once the IRS is aware that their identities are being used by others to gain employment," said J. Russell George, the Treasury Inspector General for Tax Administration. "TIGTA's audit found that the IRS needs to improve its process of notifying them, and we have made specific recommendations for doing so," he added.

TIGTA made four recommendations in the report. The IRS agreed with TIGTA's recommendations and plans to take corrective actions.

Read the report.