Uber reportedly paid two hackers to keep quiet, after they exposed the private data of 57 million customers.
Hackers were able to gain access to the names, email addresses and phone numbers from around the world, while the driver's license details of 600,000 US users were also downloaded.
The company reportedly paid the hackers US$100,000 to keep quiet and delete the data after the October 2016 attack, according to Bloomberg.
In a statement released today, Uber CEO Dara Khosrowshahi confirmed the hack.
"None of this should have happened and I will not make excuses for it," he said.
He acknowledged the company's "failure to notify affected individuals or regulators" at the time of the incident and said the individuals that dealt with the incident were no longer with the company.
"I recently learned that, in late 2016, we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use," he said.
"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection."
Uber is offering free credit monitoring and identity theft protection for those whose driver's license numbers were downloaded.