Hackers plundered the personal data of 57 million Uber customers and drivers — but the app-based cab company covered up the breach for a year, paying the pirates to keep quiet instead, according to a new report.

Names, email addresses and phone numbers for 50 million riders and info from 7 million drivers were exposed in the October 2016 hack — and the company learned about it a month later, Bloomberg reports.

But instead of reporting the breach to regulators or victims, the company acquiesced to the hackers’ demands for $100,000 to delete the data, according to the report.

Uber officials now admit the company should’ve come clean at the time.

“None of this should have happened, and I will not make excuses for it,” CEO Dara Khosrowshahi told Bloomberg. “We are changing the way we do business.”

The hack wasn’t sophisticated — the digital thieves broke into the accounts of two Uber engineers on the coding site Github, where they found the passwords to some online data storage that contained the personal info, according to the report.

The thieves then contacted Uber to demand the cash.

This isn’t the first time the company has been hacked — or failed to report it. Uber agreed to a $20,000 settlement with New York Attorney General Eric Schneiderman last year after it took several months to own up to a data breach.