Boost Mobile did not say how many people were affected by the breach. Engadget reached out to Sprint for additional information and will update this story if we hear back. As noted by TechCrunch, Boost Mobile notified California’s attorney general of the breach, an action that is required if more than 500 people in the state are affected by a security incident.

Details as to how a hacker apparently accessed the customer data was not provided by Boost. However, the company said the stolen information was used to login to user accounts through Boost’s website. Once in a customer’s account, the attacker could change settings. In response to the breach, Boost has provided affected customers with a temporary PIN sent via text that they can use to access their account. The breach comes less than a year after security researchers discovered a set of logins that made it possible to access limited sets of data belonging to Boost and Virgin Mobile customers.