The cab-hailing app Uber covered up a massive hack of the personal data of 57 million customers and drivers worldwide, it has emerged.
The tech company paid hackers $100,000 (£75,500) to delete the stolen data and did not divulge the breach when it occurred last year.
While it is not known which countries were affected by the hack, Uber has been hugely successful in the UK where there are 3.5 million users in London alone. The ride-sharing app is currently trying to win back its licence from Transport for London
Former chief executive Travis Kalanick said last year that the app had more than 40 million active users worldwide every month, indicating that a large proportion of its customers will have been affected by the hack.
Mr Kalanick knew about the hack over a year ago, Bloomberg reported on Tuesday night.
Information including driving licence numbers and customers’ names, email addresses and mobile phone numbers were accessed in the cyber attack.
Of the 57 million, 600,000 drivers were affected, with their names and licence details downloaded by the hackers.
Uber said outside forensics "have not seen any indication that trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth were downloaded".
Uber did not notify individuals or regulators last year at the time of the breach, in October, despite having been in talks with US regulators over separate claims of privacy violations.
Instead of reporting the hack, it said it took immediate steps to secure the data and shut down further unauthorised access by those individuals. It "identified the individuals and obtained assurances that the downloaded data had been destroyed".
Uber controversies timeline
"You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it," chief executive Dara Khosrowshahi said in a statement. He was not CEO at the time, having joined in September.
"None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," Mr Khosrowshahi said.
Uber’s chief security officer, Joe Sullivan, and one of his deputies have been fired for their roles in covering up the breach.
The cyber attack follows other high profile attacks on tech giants including Yahoo, which saw as many as 3 billion of its user accounts affected in two separate hacks, and Equifax, when the personal data of 700,000 British people and 143 million US citizens was stolen.