Taxi app Uber has confirmed that it concealed a cyber attack in 2016 - which compromised the data of more than 57 million customers around the world.
The ride-hailing app's new chief executive, Dara Khosrowshahi said two hackers had managed to download "personal information of 57 million users around the world."
Names, e-mail addresses and phone numbers of customers were among the data accessed – alongside the driver's licenses of 60,000-thousand people.
The names and driving licence numbers of about 600,000 Uber workers in the US were also compromised in the October 2016 incident.
Bloomberg News reports that the firm paid the hackers €85,000 to delete the data and keep the breach quiet, instead of notifying regulators and the people affected.
Uber has said it does not believe its customers need to take any action.
"We have seen no evidence of fraud or misuse tied to the incident," says a help page on its site.
"We are monitoring the affected accounts and have flagged them for additional fraud protection."
Mr Khosrowshahi said the data had been stolen from a "third-party cloud-based service" and that "we subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed".
The chief executive, who joined the company in August, added in his statement: "You may be asking why we are just talking about this now, a year later.
"I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.
"None of this should have happened, and I will not make excuses for it.
"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."
The data breach comes as Uber looks to improve its image after bad publicity during the tenure of Uber's founder Travis Kalanick – and the decision by transport bosses in London to take away its licence.
Mr Kalanick was ousted as chief executive in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.
Mr Khosrowshahi has insisted the company is now working with regulators on the breach and notifying drivers whose licence numbers were downloaded.
He said the firm is also offering credit monitoring and identity theft protection.
A review of its security is also taking place in conjunction with Matt Olsen, a former National Security Agency general counsel and cybersecurity expert.