Techweb is carrying a report on two recent security/privacy incidents at US universities. Most interesting in the article is the following statement:
TechWeb | News | Hackers Break Into Two Universities, 100,000 Identities At Risk
"...The compromised data was limited to name and Social Security numbers, so the hackers could not have obtained credit card or driver's license numbers, bank account data, or any other financial information, the school said...."
I'm not sure that this should be any reassurance in this day and age. Just the names and social security numbers are enough for an identity theft to go to town on the credit of the students.