The Social Security Death Master File (SSDI to you and me) can't be directly used to steal a Social Security number, because the numbers in the index belong to people known to be dead. But researchers at Carnegie Mellon University have found that the Death Master File can be used to predict a living person's SSN—if that person's state and date of birth are known.
CMU researchers Acquisti and Ph.D student Ralph Gross theorized that they could use the Death Master File along with publicly available birth information to predict narrow ranges of values wherein individual SSNs were likely to fall. The two tested their hunch using the Death Master File of people who died between 1972 and 2003, and found that on the first try they could correctly guess the first five digits of the SSN for 44 percent of deceased people who were born after 1988, and for 7 percent of those born between 1973 and 1988.
Acquisti and Gross found that it was far easier to predict SSNs for people born after 1988, when the Social Security Administration began an effort to ensure that U.S. newborns obtained their SSNs shortly after birth.
They were able to identify all nine digits for 8.5 percent of people born after 1988 in fewer than 1,000 attempts. For people born recently in smaller states, researchers sometimes needed just 10 or fewer attempts to predict all nine digits. [Link, via Metafilter]