A new study from Carnegie Mellon University might explain why most identity theft victims are never able to identify their attackers.

I found out my identity had been stolen the day I pulled five bounced check notices from the mailbox. I knew how much I’d put in and how much I’d taken out of the account, and I should have had a balance of at least $1,000.

It was the $2,000 worth of car parts purchased for an Acura (I drive a Volvo) in New Jersey (I live in Florida) that began the cascade of bounced checks.

Like most ID theft victims, my first question was “Who did this?”. But I never found out--not that time or the next time it happened two years later.

Now, thanks to the CMU researchers, I know the thief didn’t need my mail, my Social Security card or the expertise to hack into a computer. Identity thieves can guess at Social Security numbers.

If they take my date of birth and my place of birth—both of which are available in public records--they can figure out the first five digits of my SSN. They can determine the last four digits by checking the Social Security Administration’s Death Master File for the SSN of somebody born in the same small town and on approximately the same date. The last four digits of the SSN are assigned sequentially, so when they find that deceased someone’s SSN ends in 1234, it’s easy enough to figure out that mine is somewhere between 1230 and 1240.