US universities have a new problem on their hands: identity thieves are hacking into their databases and stealing students' personal information in order to obtain credit illegally.
Universities account for nearly half of the breaches that have made personal information available to identity thieves this year, according to the Identity Theft Resource Center. It said university computer networks had proved to be relatively easy to hack, and that financially naive students did little to safeguard personal information.
There have been some 9 million victims of identity theft in the US, and the crime costs an estimated $50 billion (£28 billion) a year. Students are attractive targets even though they seldom have much money.
Jay Foley, executive director of the Identity Theft Resource Center, said:
"Imagine this: you're 18, I get access to your social security number before you start establishing that you are who you are, and I start opening up credit first. You suddenly go from being a starving student to someone who has a $40,000 to $50,000 income and a nice job. And it's all fiction."
Social security numbers, assigned to Americans at birth, are used by banks to track applicants' credit. They are supposed to remain secret, but many universities use the numbers on identification cards and other paperwork that is relatively easy to access.
"Everywhere in the system of the university, there's going to be access and references to you and your social security number," Mr Foley said. "(The number) is the key. And students don't particularly protect that information because at the age of 18, you're invulnerable. You're not considering your financial future."
Identity thieves have capitalised on this, stealing students' identities at the universities of California, Tufts and Stanford.
Students are among these thieves. A student at Boston College broke into the university computer system and stole some of his classmates' protected information, as did a former student at the University of Texas.
A new law in California requires public universities to report all such breaches. A similar measure has been proposed nationally.