Hacked GMail Account

A customer's college age daughter had her GMail account hacked.  This was noticed when her father received one of the famous "I'm stuck in Spain, please send money" emails.  There was no danger that he would respond because he knew his daughter was not in Spain and the wording in the message is so strange that it had to have been witten by someone who is not a native speaker of English or is totally illiterate.

I have seen this with other folks recently, but this one is worse.  The hacker changed her password and security question and probably changed her secondary email address if she has one.  She has filled out GMail's online form to regain entry into her account.

My first reaction was to tell her to accept the loss and rebuild everything with a new account, but things are further compicated by the fact that she had sent some security information (I did not ask for specifics) and her social security number in a clear text email that still resided on the system when it was hacked.

My questions are 1) How much trouble could she be in?  2) Should I advise her to get Social Security number changed?  3)  What else can she do to get back her GMail accountan the information stored in it?