it's a lot worse than this.
as you see agencies are quick to shut down accounts with stolen or modified photos but in fact the thief gets no punishment, no jail, no invoices to pay, nothing, so what's exactly his risk ? near zero.
he can start over again with a new set of stolen pictures and he knows from the start that it will take a few months before being noticed, in the worst scenario he will still make some beer money from it with again zero risk.
as for those asking why agencies dont automatically check for duplicates, well it's not as easy and cheap as it seems, imagine alamy running a software like TinEye on its whole 30 million images archive, one photo at a time that's 30 million runups of software working on a whole data center and it cost a LOT of money ! and for what ? do you think they will start sueing image spammers one by one ? NOT gonna happen, ever, even if the stolen images have been sold.
your only chance is for instance to spot the stolen image being published somewhere with the thief's credit line, then emailing your agency and ask for a refund or something, good luck !