[calfuris]

PSA: If you are of a certain age, the last four digits might be roughly all of the useful entropy in your SSN. Be careful with them. Before 2011, the first three digits indicated the office that issued the number and the middle two (the "group number") were used in a publicly-known sequence. The Social Security Administration helpfully published periodic lists of the highest group number reached by each office. This makes it extremely easy to predict the first five numbers for people who were registered at birth, which became quite common in 1986 when tax laws changed to require children's SSNs to claim the associated tax credit.

[filoleg]

Tangentially related - wouldn't that mean that if you are an immigrant, then you are at least theoretically somewhat safe from that enumeration type of an attack?

Because if I got my SSN in my late teens, then my date of birth shouldn't mean much at all to anyone trying to use that method you describe, right?

[calfuris]

Your date and place of birth would not be helpful, but an analogous attack may be possible. The key factors are when and where you applied and that the SSN was issued before June 25, 2011.