In a public statement , Uber has announced that it sustained a massive data breach in 2016: 57 million customers’ and drivers’ names, e-mail addresses, and phone numbers were compromised.

According to Bloomberg, no trip location info, credit card information, or Social Security numbers was taken.

Uber did not respond to Ars’ questions—Matthew Wing, a spokesman, simply pointed us to the company's blog post.

Bloomberg also noted that Uber paid hackers $100,000 to delete the data and not publicize the breach. At the time of the breach, Uber was negotiating with federal regulators over different privacy concerns.

In a statement published Tuesday morning, Uber’s CEO, Dara Khosrowshahi, who took over the company’s top job earlier this year from co-founder Travis Kalanick, seemed to express astonishment over the incident.

“You may be asking why we are just talking about this now, a year later,” he wrote in a blog post published on Tuesday morning. “I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.”

Khosrowshahi explained that two security officials are no longer with the company. Bloomberg cited one of them as Chief Security Officer Joe Sullivan.

According to his LinkedIn profile, prior to moving to Silicon Valley tech firms in 2002, Sullivan served as an Assistant United States Attorney in the Northern District of California, focusing on high tech crime.

The CEO also noted the company would be notifying “regulatory authorities.”

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi continued. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”