Up until recently I was under the impression that the social security number was insufficient information to perform identity theft, and that in practice you will at least need the victim's SSN and name.
However, recent events and stories have made me start questioning this assumption. Is knowing only the social security number sufficient enough for someone to steal an identity? Would it be possible (or realistic) if you also took into account potential social engineering attacks, presumably against state agencies, which could reveal additional private information through leveraging the known SSN?