The Internal Revenue Service may be helping cyber crooks get fraudulent refunds through weak internal controls, the General Accountability Office charged Tuesday.

Some IRS employees may release refunds even if indicators on taxpayer accounts show the tax returns are being looked at for possible identity theft, researchers with the Congressional investigative unit found.

The IRS estimated cyber crooks attempted to get $14.59 billion through tax ID theft in 2015 and succeeded in getting their hands on $2.24 billion.

The report said the number of people who called the IRS telephone help service and were able to get through nearly doubled this filing season from last (72 percent compared to 37 percent) but still labeled the response rate poor.

The study faulted the agency for not making information on how taxpayers can receive assistance from the IRS easily available.

A significant omission the GAO uncovered in cyber protection is the IRS doesn’t tell identity theft victims whether dependents were included on the fraudulent returns.

This could lead to children and other dependents on the bogus return to be targeted in the future by the same crook, GAO warned,