Uber paid hackers to delete personal data of 57 million users and drivers following a breach late last year but didn't tell anyone until Tuesday, multiple news outlets reported.
Uber CEO Dara Khosrowshahi said in a statement that he only recently learned that names, email addresses and phone numbers were exposed.
No location history, credit card numbers, Social Security numbers, or dates of birth were accessed, Uber officials said.
However, the driver's license numbers of roughly 600,000 U.S. Uber drivers were, the company revealed.
Khosrowshahi, who became CEO in August, said he'd ordered an investigation into why victims and regulators weren't immediately notified.
"Two of the individuals who led the response to this incident are no longer with the company," he added.
"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals," Khosrowshahi said in the statement. "We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed.
"We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts," he said.
Already reeling from several scandals -- including nearly $9 million in fines for background-check issues in Colorado -- Uber offered free credit monitoring to those drivers who had their license numbers exposed.
There was no explanation of how Uber could know whether the stolen information was destroyed or how much was paid to the hackers.
Bloomberg put the payoff at $100,000.
Click here to sign up for Daily Voice's free daily emails and news alerts.