Uber Technologies has informed Britain's data protection regulator that about 2.7 million user accounts - representing the vast majority of people using the ride-hailing service in the country - were affected by a 2016 data breach.
The breach, which the company disclosed last week involving 57 million users worldwide, saw names, mobile phone numbers and email addresses compromised, the company told UK's Information Commissioner's Office (ICO).
- Uber told to pay its workers at least minimum wage
- No backseat hook-ups - Uber's fondling and flirting ban
ICO said it expects Uber to alert all the affected British users, both Uber drivers and passengers, as soon as possible.
The breach was a further setback to the Silicon Valley company after London's transport regulator stripped it of its operating licence in September, citing Uber's approach to reporting serious criminal offences and background checks on drivers.
Uber failed to disclose the massive breach at the time, the company's new chief executive officer said last week.
Under current British law organisations which fail to disclose data breaches to regulators face a maximum fine of up to GBP500,000 (NZ$1,075,990).
In Britain, Uber drew around 2.85 million users, on average, over the past three months, according to web and mobile app traffic measurement firm SimilarWeb, indicating that most British Uber users were likely caught up in the breach.
Uber said on its website on Wednesday that independent forensics experts had not seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded in the breach.
"We do not believe any individual rider needs to take any action," the company said.
Uber has been forced to quit several countries, including Denmark and Hungary, and faced regulatory battles in multiple US states and around the world.