Through my tenure as a student at the University of Maryland from 2000 to 2004, my social security number also doubled as my student identification number. I'd use this number and a password whenever I logged into the college's online management system, Testudo, which I did for everything from course selection and monitoring grades to signing up for basketball tickets. (Go Terps! 2002 National Champs whooo!) I vaguely recall having the option to change my student ID number to something else, but neither I nor anyone I knew ever went to the trouble of doing so.
This state of affairs comes to my mind at the moment because of an e-mail I got earlier this week telling me that my alma mater "was the victim of a sophisticated computer security attack that exposed records containing personal information." My name, social security number, and birthday are likely part of a cache of nearly 310,000 leaked records belonging to students and staffers going back to 1998.
After reading the e-mail, I immediately reverted to journalist mode; surely a security breach of over 300,000 computerized student records was the kind of story that would be relevant to the readers of this site. When I consulted with Ars Security Editor Dan Goodin on how to cover it, though, the response was pretty lukewarm.