Uber concealed a massive data breach for more than a year, according to a report by Bloomberg.
Hackers stole names, email addresses, and phone numbers of 57 million Uber riders around the world in a breach dating back to October 2016. Data on more than 7 million drivers was also stolen, including over 600,000 drivers' license records.
Trip records, location data, and social security numbers were not stolen in the breach, the company said.
But instead of alerting users of the breach, the company paid the hackers $100,000 to delete the data and to keep details of the breach quiet.
The company confirmed the breach, in a lengthy statement posted on Tuesday.
"As Uber's CEO, it's my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of," said Dara Khosrowshahi. "For that to happen, we have to be honest and transparent as we work to repair our past mistakes."
According to Bloomberg, two hackers broke into a private GitHub repo used by Uber software engineers, and were able to gain access to an Amazon Web Services account that handled and controlled tasks by the ride-sharing service. The hackers found a trove of rider and driver data, downloaded it, and reportedly emailed the company demanding money.
Uber has said, however, that individual riders do not need to take "any action," following the announcement.
The breach happened under the watch of former chief executive Travis Kalanick, who knew about the cyberattack. His former deputy, chief security officer Joe Sullivan, a former federal prosecutor and senior Facebook executive, covered up the breach, the publication reported.
Khosrowshahi "recently" learned of the breach and its subsequent cover-up once he became chief executive, and later forced Sullivan to resign.
An Uber spokesperson did not return an email requesting additional comment.