Uber has revealed that two hackers accessed personal data of 57 million users last year.
The breach exposed the names, email addresses and phone numbers of customers and drivers globally in October 2016. Uber said that the exposed data was stored on a third-party cloud-based service, but did not affect internal systems or infrastructure.
The company said that it doesn't believe credit card details, bank account numbers, dates of birth or trip location history was exposed. However, Uber chief executive Dara Khosrowshahi said the names and driver's licence numbers of approximately 600,000 drivers in the US were exposed, along with the information of 57 million users.
"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorised access by the individuals," said Khosrowshahi.
"We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."
Uber said it doesn't believe individuals need to take any action, and that it hasn't seen any evidence of fraud or misuse tied to the data breach.
Khosrowshahi said he only just learnt about the incident and has called for an investigation into how it was handled. Uber has notified affected drivers and will give them free credit monitoring and identity theft protection.
"None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," he added.