My mobile phone account has a bogus number (not generated by me!) as my SSN. Fortunately I know what it is so can recite it on a call. Which is why I don't want them to have my SSN in the first place!
It’s all fun and games until your bank reports something to the government under this SSN and it affects a person to whom its really assigned. Bonus points if “something“ has fiscal consequences for either of you.
Seriously, this is not kind of shenanigans you want to be doing for no reason at all, simply because the reason would be invented by someone else.
As my original comment says I don’t do this for anything tax-ish (for the same reason you mention). But there is no reason a phone company need know my SSN. Or the pharmacy.
That makes an unreasonable assumption that everybody across the whole industry is not just competent and can be trusted to have it together, but they also manage to achieve their important goals (which are not always having the cleanest code or architecture) using the same architectural dogmas as you do. One can define a datatype as FormattedValue | null, make a tuple of (value, present), have a special empty value or do all of that at once, because parts of the dataset were separately inherited during the merger.
I'm not saying it doesn't happen - I'm saying it's not the correct practice. When talking about financial services, this sort of garbage data could lead to compliance issues and financial penalties. Typically those mergers end up with remediation initiatives to at least ensure that all the invalid data is nulled out, or facilitate it's collection if it's critical.
As far as I am aware, that SSN is technically possible. Years ago SSNs could be traced back to the state/location of birth by looking at the first few digits (mine is like that), but they were changed to be completely random a while ago.