How can Boost Mobile have a 4-digit numeric password?

Boost Mobile has terrible security. The main password for accounts is a 4-digit numeric PIN – it must be 4 numbers. Behind that password is a lot of data: full name, date of birth, credit card information, phone number, etc.

I really can't believe it. It's so bad that it makes me wonder if it's intentional and nefarious.

But what are consumers to do? Complain on support forums for years? Isn't there some government body that regulates the security of companies who store such critical personal information?