USA Today writes how the recent IRS breach has allowed cyber criminals to steal up to $39M by filing fraudulent tax returns based on personally identifiable data exfiltrated in the attack:

Cyber-thieves responsible for a large IRS data breach stole as much as $39 million by filing fraudulent tax refunds after gaining access to taxpayer information, the head of the nation’s tax agency told Congress Tuesday.

IRS Commissioner John Koskinen provided the updated damage estimate on the embarrassing data breach initially made public last week and said federal tax officials are working with private tax-preparation firms in an effort to strengthen U.S. tax system security.

However, the federal inspector general who oversees the IRS predicted the agency could face additional computer attacks as preliminary investigation results show the cyber-thieves were part of an effort operated from Internet domains in Russia and other countries.

“For now, our biggest concern is for the affected taxpayers, to make sure they are protected against fraud in the future,” Koskinen told the U.S. Senate Committee on Finance, saying tax officials are contacting those affected and helping them secure their personal data.

Someone needs to be fired for such obvious negligence, and allowing a breach of this magnitude to happen.