Just a side note here, most hackers won't really actually cause much damage unless they know what they're doing.
I set up a class Footy tipping and a few kids thought it would be funny to poke around legit numbers, which, of course, could have let them in to the Administration console, if they tried. However, (knowing year 7s), I retaliated, and, realized that, in fact, there was a small, minute hole I had not discovered: the fact that users were able to perform the common mysql_query() command (for those of you who know PHP). Personally, I'd define this not a genuine hacking, but as curious people who poke with legit numbers...
As for other experiences, I have a Linux server. I hadn't fixed a hole in the auto recover function in VI, allowing the user to put a recovered file into the system. Autoclean, the program that keeps the computer clean and running up to schedule, was modified, giving this user full superuser control (Do you think I learnt my lesson?!?!). At first, Autoclean ran as normal, but I watched and waited a the 'egg' hatched. The resulting reaction : poof! Not quite what this hacker wanted. He gained superuser powers, but couldn't use them because he had incorrectly set a critical parameter. Now this person knew what they were doing? So what to do? They know knew I was watching them, noting every move... What made this worse was that the connection couldn't be kicked. My last resort was to kill the server, I lost my website for a while, so what. If this person had of sucseeded, my server would be up the creek by now.
As you can plainly see, my experience has lead me to the two forms of hackers: the script kiddies (who really were kiddies) and the form of hackers that you really don't want to meat. However, we all are curious, and, we must satisfy this curiosity in one way or another (curiosity killed the cat, anyone??). We are somewhat worse than that cat. Then you have people who want to cause malicious damage (to websites, to places, to, well, everything that can be broken, smashed, vandalized... you get the point). In this case, my Linux hacker created a malicious code that was intended to do harm, underneath my very own eyes.
Indeed, this could happen to anyone, anywhere, any time. My point being, hackers will never really be defined between script kiddies and the real thing, and, no matter how hard and secure we build our systems, we will always be vulnerable to attacks of all kinds, whether genuine hackers or just kids who are playing around.
None.