You could absolutely revoke a ssn from a government database. The problem is the ssn is too small of number range to allow for that. You can basically state that ssn/name combo is no longer valid and you now need the new ssn/name combo authenticate. Not so dissimilar from user name password. Even better you could force companies to pay the government a nominal processing fee say 5-50$ per user exposed to ensure that loss of this info results in meaningful costs to the negligent company
> you now need the new ssn/name combo authenticate
The point is that an SSN/name pair is not a mechanism of authentication. Many companies are negligently using it in place of one because they don't actually care about fraud, having pushed most of the damage onto the public. Then they invented the nonsensical concept of "identity theft" to enshrine how they wish things worked, as a further fuck you to the public. So no, further entrenching anything about that broken approach is a horrible idea. Revoking a social security number makes as much sense as revoking someone's natural name.
