Ride-sharing app Uber has revealed that hackers gained access to the information of 57 million customers late last year.
Chief executive Dara Khosrowshahi, who took over this summer, wrote on the company’s website that Uber had failed to notify individuals or regulators at the time of the breach.
Following an investigation into the incident, Khosrowshahi said that two employees who were responsible for the handling of Uber’s response had now left the company.
While it does not believe any bank details or social security numbers were downloaded, the names and phone numbers of around 57 million riders were accessed, along with the licence numbers of around 600,000 drivers in the US.
Uber is offering to individually notify all the drivers and give them free credit monitoring and identify theft protection.
The company says that it identified the individuals responsible for the hack and obtained assurances that the downloaded data had been destroyed, with Bloomberg claiming the hackers were paid $100,000 to delete the data.
Khosrowshahi wrote: “None of this should have happened and I will not make excuses for it.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
The hack, which threatens to undermine confidence in the mobility service industry, comes amid a string of high-profile breaches at major companies, including Equifax and Unicredit, in which the details of millions of consumers have been leaked.
Tougher data protection regulations are being brought into force next year by the EU, which will see companies required to introduce improved procedures, with bigger fines for breaches that lead to customer information being accessed.