Credential theft
Boost Mobile Credential Stuffing Attack (Sprint Subsidiary)
Incident Details
On March 14, 2019, unauthorized parties used credential stuffing techniques (using phone numbers as usernames combined with account PINs) to access an unknown number of Boost Mobile customer accounts. Boost Mobile (a prepaid wireless brand operated as a Sprint subsidiary) notified affected customers approximately two months after detecting the breach. Exposed data included phone numbers, account PINs, customer names, billing addresses, and account numbers. The two-month notification delay drew criticism from privacy advocates. Boost Mobile reset affected account PINs. This was one of multiple 2019 telecom account breach incidents, alongside a separate Sprint customer data exposure via Samsung’s website the same year. Note: Sprint/Boost was subsequently acquired by T-Mobile in 2020.
Technical Details
- Initial Attack Vector
- Credential stuffing / account takeover: unauthorized parties used lists of phone number and PIN combinations (likely from prior breaches) to access Boost Mobile customer accounts through the customer portal
Timeline
- 2019-03-14 Breach occurred
- 2019-05-13 Publicly disclosed
- 2019-05-13 Customers notified