Uber failed to disclose a massive breach last fall that exposed the data of some 57 million users of the ride-sharing service, the company's new chief executive officer said on Tuesday.
Discovery of the company's handling of the October 2016 breach incident led to the departure of two employees who led Uber's response, said Dara Khosrowshahi, who was named CEO in August following the departure of founder Travis Kalanick.
Khosrowshahi said he had only recently learned of the matter himself.
The company's admission that it failed to disclose the breach comes as Uber is seeking to recover from a series of crises that culminated in the Kalanick's ouster in June.
Bloomberg reports that instead of reporting the extortion-type hack to government officials and revealing the breach to its affected users, Uber paid hackers $100,000 to delete the info and keep quiet.
According to the company's account, two individuals downloaded data from a third-party cloud server used by Uber, which contained names, email addresses and mobile phone numbers of some 57 million Uber users around the world. They also downloaded names and driver's license numbers of some 600,000 of the company's U.S. drivers, Khosrowshahi said in a blog post.
He said he had hired Matt Olsen, former general counsel of the U.S. National Security Agency, to help him figure out how to best guide and structure the company's security teams and processes.
"None of this should have happened, and I will not make excuses for it," Khosrowshahi said in the blog post.
"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," he said. "We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."
Reporting by Jim Finkle