However, hackers were able to download driver's license numbers of around 600,000 drivers in the United States.
"None of this should have happened, and I will not make excuses for it", says Dara Khosrowshahi, who replaced Kalanick in June, in a statement. He was not at the helm when it happened. Instead, the company paid hackers to delete the data and keep the breach quiet.
Uber would not confirm it paid this ransom.
CEO Travis Kalanick, who was in charge when the hack took place, is still on the company's board of directors.
While the legal implications of Uber's cover up are still being examined - the Italian Data Protection Authority just launched an investigation into the data breach - The New York Times points out that Uber may have violated the Federal Trade Commission's stipulation that companies disclose data breaches and reveal any evidence of a cybersecurity compromise. After obtaining login credentials from that site, the attackers accessed data stored on an Amazon Web Services account where an archive of rider and driver information existed.
Khosrowshahi also said that he can't erase the past but the company will learn from its mistakes.More news: FCC confirms plan to kill net neutrality
Two hackers managed to access personal information they stole from a "third-party cloud-based service".
The news that ride hailing service Uber has suffered, and covered up, a major hack means that millions of people could unknowingly have had their data put at risk.
"We do not believe any individual rider needs to take any action, " the company said in its statement.
Uber fired its chief security officer, Joe Sullivan, this week for the data breach coverup. The company also said it is notifying regulators, and monitoring affected rider accounts for signs of fraud.
Jeremiah Grossman, chief of security strategy at security firm SentinelOne, says this was not a sophisticated hack. "Facing thousands of attacks daily, or even tens of thousands, it's a matter of when - not if - a breach will occur", said Gary Weiss, senior vice-president and general manager of the Security, Discovery and Analytics Business Unit at information management software firm OpenText. The San Francisco-based company also faces dozens of civil suits, including a high-profile case from Alphabet set for trial next month. In a coincidentally timed announcement shortly before Uber's hacking disclosure Tuesday, Whitman said she was stepping down as head of Hewlett Packard Enterprise Co. "It doesn't address the underlying problem in your own organization - your security practices need revision and you're failing to adequately protect your assets including your own proprietary information, and your customers' data".