Hackers stole the personal information of 50 million Uber customers and 7 million drivers a year ago, which the company kept under wraps by paying the criminals $100,000 to destroy what they stole.
Names, email addresses and mobile phone numbers of Uber riders were swiped by the hackers, the company said in a statement after a report by Bloomberg brought the hacking to light on Tuesday.
Here's what you need to know about the data breach:
What the hack means for riders
If you are one of the 40 million riders who use Uber every month, the company encourages you to keep an eye on your credit and any fraud alerts as well as monitoring your Uber account for unusual activity.
No Social Security numbers, credit card information, trip location details or other data from riders was stolen, Uber said.
"We do not believe any individual rider needs to take any action,'' the company said in its statement. "We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection."
There also is an option labeled "I think my account has been hacked" under the "Help" section of the Uber app for users who find suspicious activity on their accounts.
What the hack means for drivers
The names and driver's license numbers for 600,000 Uber drivers in the U.S. were also stolen, Uber CEO Dara Khosrowshahi said in a statement. The company is individually contacting drivers whose information was compromised and offering free credit monitoring and identity theft protection.
Khosrowshahi made no mention of whether Uber riders whose information was hacked are being contacted.
How did it happen?
The data breach occurred when two individual hackers accessed information stored on a third-party cloud-based service used by Uber, Khosrowshahi wrote. The company paid $100,000 to the hackers to destroy the information, which Uber confirmed to NBC News.
"We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed," Khosrowshahi wrote. "We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."
Why did it take so long to reveal the hack?
That answer is unclear.
Khosrowshahi, who took over after former CEO Travis Kalanick resigned in June, said an internal investigation is being conducted into why the hack was kept secret for more than a year. Two of the employees responsible for not initially revealing the attack have been fired, Khosrowshahi wrote.
Uber joined the likes of Google, Sony, Yahoo and Target among companies that have suffered massive data breaches from hackers in recent years.
"None of this should have happened, and I will not make excuses for it," Khosrowshahi wrote. "While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."
Follow TODAY.com writer Scott Stump on Twitter.