US Social Security Number Format Explained (Safe for Testing)

A US Social Security Number is a nine-digit identifier written as AAA-GG-SSSS: a 3-digit Area number, a 2-digit Group number, and a 4-digit Serial number. Since the Social Security Administration switched to random assignment on June 25, 2011, those digits carry no geographic meaning. That single fact breaks a lot of validation code written before then, and it's why this guide covers the structure, the ranges the SSA has guaranteed it will never assign, and how to pick numbers that are safe to drop into a test fixture.

What are the three parts of an SSN?

An SSN has exactly three parts: the Area number (first 3 digits), the Group number (middle 2 digits), and the Serial number (last 4 digits), written together as AAA-GG-SSSS. The two hyphens are display formatting only; the stored value is nine digits. The full address space is 10^9, one billion combinations, before forbidden ranges remove a slice.

What does the Area number (first 3 digits) mean?

The Area number is the first three digits, and before 2011 it identified the state or region where the application was filed. Numbers were handed out in geographic blocks, lowest in the Northeast (001-003 covered New Hampshire) and rising west toward the territories. After June 25, 2011, that geographic link disappeared for every newly assigned number ^{[ssa-randomization]}.

What does the Group number (middle 2 digits) mean?

The Group number is the middle two digits, and it ran from 01 to 99 — the value 00 was never used. It was never a demographic field. The SSA used it purely as an administrative device to split each Area into smaller blocks and to control the order in which numbers were issued within that Area.

What does the Serial number (last 4 digits) mean?

The Serial number is the last four digits, issued sequentially from 0001 to 9999 within each Group. The all-zero serial 0000 was never assigned to anyone. That guarantee is one of the facts that makes a whole class of SSN-shaped values permanently safe to use as test placeholders.

What changed with the 2011 SSN randomization?

On June 25, 2011, the SSA began assigning SSNs at random rather than by geography. Before that date the Area number encoded the filing state and Groups were issued in a predictable order. The SSA made the change to extend the longevity of the nine-digit pool, even out assignment across states, and cut the predictability that helped identity thieves guess numbers ^{[ssa-randomization]}.

Three consequences hit anyone writing validation logic. The Area number no longer maps to a state, so any table that infers a birth or residence state from an SSN is obsolete. Group numbers are no longer issued in high-group order, which kills the old 'High Group List' validity trick. And randomization opened previously unused Area numbers in the 700s and 800s, so hardcoded exclusion lists that block all 7xx and 8xx Areas now reject legitimate numbers ^{[ssa-randomization]}.

Which SSN ranges were never issued and are safe for testing?

The SSA has never issued numbers with an Area of 000, 666, or 900-999, nor any number with a Group of 00 or a Serial of 0000. These pass a naive nine-digit format check yet can never collide with a living person's number, which makes them the safest placeholders for fixtures and seed data. The IRS treats several of these as invalid on tax forms too ^{[ssa-employer]}.

• Area 000 — never assigned. Any SSN beginning 000 is guaranteed fake.
• Area 666 — deliberately skipped and never used as an Area number.
• Area 900–999 — never valid SSN Areas. (Note: 900-series nine-digit numbers are used for ITINs, individual taxpayer IDs, which are a different identifier, not SSNs ^[irs-itin].)
• Group 00 — the middle two digits are never 00 in a real SSN.
• Serial 0000 — the last four digits are never 0000 in a real SSN.

Each rule independently guarantees non-issuance, so a number that trips any one of them is safe. A value like 000-12-3456 or 123-45-0000 will never belong to a real person. That's the principle our generator uses for placeholder SSNs, and what our SSN validator flags — it confirms a value is structurally valid yet non-assignable before you drop it into a fixture.

One more category is worth memorizing: numbers the SSA issued and then publicly voided, now safe as fixed placeholders. The famous one is 078-05-1120, printed on sample cards in a 1938 Woolworth wallet promotion and used by more than 40,000 people before the SSA invalidated it. The agency keeps a short list of these 'advertising' numbers that should never validate as a real identity ^{[ssa-bad-numbers]}.

Is a format-valid SSN the same as an issued one?

No — format validity and issuance are completely separate. A format-valid SSN has digits inside the allowable structural ranges: a non-forbidden Area, a Group of 01–99, and a Serial of 0001–9999. An issued SSN is one the SSA actually assigned to a real person. No public API or list legitimately lets you check the second condition for an arbitrary individual, and you should not try.

A validator that claims a well-formed number is 'real' just creates liability with no upside. The only safe thing software can assert about an SSN is its shape.

In practice, your validation layer should reject malformed input — wrong length, non-digits, forbidden ranges — but never claim a well-formed number is 'real.' For testing you want the inverse of real: numbers structurally valid enough to exercise your code paths while being provably non-assignable. The never-issued ranges deliver exactly that. Libraries like @faker-js/faker generate placeholder values on the same logic: realistic shape, zero link to a real identity ^[faker-docs].

How do privacy laws classify the SSN in test data?

Major standards treat the SSN as high-sensitivity personal data even when synthetic, which is why mixing fake and real values is how leaks start. NIST SP 800-122 classifies the SSN as stand-alone, high-confidentiality PII and recommends minimizing its collection and storage ^{[nist-800-122]}. Under the EU GDPR, a national ID number is personal data per Article 4(1), while Recital 26 puts truly anonymous or synthetic data outside GDPR scope ^{[gdpr-personal-data]}.

Synthetic, never-issued SSNs let you build and test identity flows without touching regulated personal data. The UK ICO states plainly that genuinely anonymized data falls outside data-protection law, which is the safe harbor a never-issued SSN gives you ^{[ico-anonymisation]}. The cleanest compliance move in any non-production environment is to never load real identifiers at all.

How do I generate safe SSNs for tests?

Start at our identity generator on the home page to produce batches of placeholder identities, then run any value through the SSN validator to confirm it is well-formed and non-assignable. Hardcode test SSNs from the never-issued table above so reviewers can see at a glance the data is fake.

If you also need address, name, or document data for other locales, the per-country generators apply the same fictional-by-design principle to non-US identifiers. For demos and screenshots, the 000 and 900-series Areas read unmistakably as placeholders to anyone who knows the format — a small but useful signal that you handle identity data responsibly.