Uber has admitted that hackers stole personal data from more than 57 million customers around the world. The ride-hailing service initially tried to cover up the 2016 incident.
Some 57 million Uber users had their information hacked, including names, emails and mobile phone numbers, Uber said in a blog post on Tuesday.
The ride-hailing service said other personal information, including trip details or credit card information, had not been accessed.
According to Uber, two individuals downloaded data from a third-party cloud server used by the company.
"None of this should have happened, and I will not make excuses for it," Dara Khosrowshahi, Uber's recently appointed CEO, said in a statement. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."
Khosrowshahi, who said he only recently found out about the hack, took over the company in August following the departure of founder Travis Kalanick.
The revelation comes as Uber is recovering from a series of crises that culminated in Kalanick's ouster in June.
Consumer privacy concerns
The news agency Bloomberg reported that Uber executives had deliberately sought to conceal the data breach, including a payment of $100,000 (€91,000) to two hackers in exchange for a promise to remain quiet and delete the information.
Bloomberg said Kalanick first learned of the incident in November 2016, when Uber was finalizing a settlement with the US Federal Trade Commission over the handling of consumer data.
According to Bloomberg, Uber's chief security officer, Joe Sullivan, and a deputy were asked to leave the company this week over their roles in the incident.