Story highlights Bruce Schneier says it's worrying that the IRS hasn't fully complied with recommendations for upgrading security

Cybercriminals are using our financial information to commit fraud, gaining tax refunds illegally, he says

(CNN) Monday is Tax Day. Many of us are thinking about our taxes. Are they too high or too low? What's our money being spent on? Do we have a government worth paying for? I'm not here to answer any of those questions -- I'm here to give you something else to think about. In addition to sending the IRS your money, you're also sending them your data.

It's a lot of highly personal financial data, so it's sensitive and important information.

Bruce Schneier

Is that data secure?

The short answer is "no." Every year, the GAO -- Government Accountability Office -- reviews IRS security and issues a report. The title of this year's report kind of says it all: "IRS Needs to Further Improve Controls over Financial and Taxpayer Data." The details are ugly: failures in identification and authentication of network users, failures to encrypt data, failures in audit and monitoring and failures to patch vulnerabilities and update software.

JUST WATCHED Hackers 'stole a master key' to U.S. government Replay More Videos ... MUST WATCH Hackers 'stole a master key' to U.S. government 02:17

To be fair, the GAO can sometimes be pedantic in its evaluations. And the 43 recommendations for the IRS to improve security aren't being made public, so as not to advertise our vulnerabilities to the bad guys. But this is all pretty basic stuff, and it's embarrassing.