When it comes to data breaches, most people would like to be warned shortly after. Unfortunately, that’s not always the case. Boost Mobile — a virtual mobile network owned by Sprint — recently announced that it had experienced a security breach almost two months ago.

In an announcement, Boost said the breach originally occurred on March 14th. The company went on to add:

“Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code.  The Boost Mobile fraud team discovered the incident and was able to implement a permanent solution to prevent similar unauthorized account activity.”

Boost didn’t specify how many accounts were impacted by the breach itself. However, as reported by TechCrunch, the company also notified the California Attorney General. That’s required by law when more than 500 in the state are impacted by a security breach.

By using phone numbers and account PINs, hackers were able to access customers’ accounts. The company said it sent texts out to those impacted, notifying them that they had a new temporary PIN code.

“If you have already changed your PIN code there is no further action necessary,” Boost wrote. “If you have not reset your PIN code we recommend that you reset it now.”

It’s unclear why Boost took so long to notify people of the breach.