The SSN is used as a way to genuinely identify someone, unfortunately - it’s like having to give out your password each time you rent an apartment or buy a car or obtain medical care or any number of other transactions. Having this info (along with other basic info like name/address/date of birth) lets you effectively pretend you are them. You can take loans out in their name or call some service to do a password reset (since you have all the info to verify you are them) or whatever else. But it’s not like there is one particular way in which the information can be used - it’s dependent on what businesses LET you do with that info. In 2024, NO business should use SSN to verify identity or authorize sensitive transactions but many do, and what they let you do varies significantly.
I think it’s important to distinguish between identification and authentication. As a unique database primary key, they’re fine. The problem was when a bunch of businesses decided it’d be too expensive to check things like government ID and started using them for authentication purposes. Nobody blinks an eye at using a phone number or email address on an application, but we should treat using your SSN or past addresses for authentication the same way we would if someone says they could approve a loan if you know your phone number and zip code.
