Taxi app Uber has admitted hiding a 2016 hack which saw the personal details of 57 million customers and drivers stolen.
The company reportedly paid hackers $100,000 (£75,000) to delete the data, which included the names, email addresses and mobile phone numbers of all 57m people plus the licence details of 600,000 drivers.
The story was broken by Bloomberg, which claimed the company’s former chief executive Travis Kalanick knew about the breach over a year ago.
Kalanick was replaced as CEO by Dara Khosrowshahi in August after internal pressure related to reports about a sexist culture at Uber.
“While we have not seen evidence of fraud or misuse tied to the [hacking] incident, we are monitoring the affected accounts and have flagged them for additional fraud protection,” Uber’s chief executive Khosrowshahi said.
“None of this should have happened, and I will not make excuses for it.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Uber said the affected drivers have been offered free credit monitoring protection, but customers will not be given the same protection.
Its chief security officer Joe Sullivan has now left the company.
Bloomberg said two hackers were able to access a private area of software development platform Github and find Uber’s log-in details for Amazon Web Services, where the data was stored.
Uber was fined $20,000 in January for failing to disclose another data breach dating back to 2014.