The data breach was not disclosed to regulators at the time of the incident, but Khosrowshahi said the company was now notifying the authorities of the incident, in addition to the customers and drivers whose data was compromised in the attack.
Affected riders have also been flagged for additional fraud protection, although they don't need to take any other action beyond regularly monitoring their credit and accounts, the company said.
And tonight, Uber confirmed Australian customers' personal information had been stolen in the hack and informed the Privacy Commissioner.
I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. Reports about widespread sexual harassment and discrimination at the company led founder/CEO Travis Kalanick to resign in June.
According to the Times, more than 800 people in Britain and the U.S. have complained on Twitter about their accounts being hacked in the past year.
US Senator Richard Blumenthal took to Twitter to call for the FTC to investigate Uber, describing the company's behavior as "inexplicable" and asking for the FTC to impose "significant penalties". Khosrowshahi wrote in a blog post, "We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers".
"Unfortunately, Uber failed to provide the commission with vital information at the meeting, especially on whether Filipino data are involved, citing limited information from their US Office", Commissioner Raymund Enriquez Liboro said in a statement. This information included names, email addresses and mobile phone numbers.
Uber is offering to individually notify all the drivers and give them free credit monitoring and identify theft protection.
The National Privacy Commission on Friday said it had given Uber a 48-hour deadline to provide vital information on a breach of its data previous year.
Uber representatives could not be reached on Wednesday to comment on the response from authorities.
An investigation has been opened by The New York State Attorney General into the incident that Uber acknowledged publically on Tuesday. Though these three have not revealed the exact nature of their investigations, many state laws require that companies notify customers when their data has been stolen.
'Deliberately concealing breaches from regulators and citizens could attract higher fines for companies, ' Dipple-Johnstone warned, a sentiment echoed by minister for digital Matt Hancock who has opined that there is a 'very high chance' that the company's actions to hide the breach are illegal under United Kingdom law.
The Information Commissioner's Office and the National Cyber Security Center are working to gauge the severity of the problem for British Uber users.
At home in the USA, five states said they would investigate the data breach, according to a Recode report on Wednesday.
Uber waited more than a year to disclose the massive data breach.