Uber CEO, Dara Khosrowshahi, has admitted the company suffered a huge privacy breach in 2016, with reports alleging the hackers were paid a ransom to keep it quiet.
Khosrowshahi, who wasn't in charge of Uber when the breach occurred, says the two of the employees who led the response to the hack have been fired.
Personal information from 57 million riders was compromised by the attack. Although trip location history, credit card numbers and bank details weren't taken, the hackers reportedly downloaded licence information from about 600,000 drivers. Stolen rider information included email addresses and phone numbers.
Rather than reporting the breach to the US Federal Trade Commission and users, the company covered up the hack and, according to Bloomberg, paid the hackers US$100,000 to delete the stolen data.
Uber was being investigated for a separate data breach at the time. Ex-CEO and company founder, Travis Kalanick, reportedly learned about the breach a month after it took place, in November 2016.
"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," CEO Dara Khosrowshahi said in a statement.
"None of this should have happened, and I will not make excuses for it. While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."
MORE: Uber news