The data breach, which occurred in October 2016, was not publicly reported until Tuesday when Uber quietly published a blog post about the incident. Bloomberg‘s Eric Newcomer was the first to report the story.
“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, who joined Uber as CEO in September, wrote in the post. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
The hackers took a trove of data including the names, emails, phone numbers for 50 million riders globally, as well as the personal information of 7 million drivers. This included US driver’s licenses numbers, but no social security numbers, according to the company.
Two of the people responsible for Uber’s handling of the breach were fired on Tuesday in response, Khrosrowshahi wrote in the post. One of them was Joe Sullivan, Uber’s chief security officer, according to Bloomberg.
This post originally appeared on Business Insider.