Uber has revealed that around 2.7 million British customers and drivers were affected by a 2016 data breach, which was covered up until last week.

It means the majority of Uber users in the UK were affected by the hack, which saw names, email addresses and phone numbers stolen.

Uber says the stolen data was deleted by the two hackers who gained access to its system. It said there is "no evidence" of fraud tied to the breach, although the National Cyber Security Centre (NCSC), an arm of GCHQ, has urged Uber users to change their passwords and be vigilant about online fraud.

The American ride-hailing app revealed last week that 50 million customers and 7 million drivers had their details stolen in October last year due to a security flaw. It paid the hackers $100,000 (£75,000) to delete the data and keep quiet about the hack, in a cover-up orchestrated by its now-ousted chief executive, Travis Kalanick.

The Information Commissioner's Office, the UK's data watchdog, has said Uber failing to disclose the breach for so long increases the chances of it being fined over the incident.

View more!

"In the United Kingdom [the hack] involved approximately 2.7m riders and drivers," Uber announced. "This is an approximation rather than an accurate and definitive count because sometimes the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives.

"When this happened, we took immediate steps to secure the data, shut down further unauthorised access, and strengthen our data security."

Uber says it has over 5 million active riders and 50,000 drivers in the UK, although the numbers a year ago will have been smaller.

The revelation may bode poorly for Uber's attempt to restore its relationship with Transport for London, which stripped it of its licence in September.

Responding to the disclosure, London's mayor Sadiq Khan said: "This latest shocking development about Uber will alarm millions of Londoners whose personal data could have been stolen by criminals.

"Uber need to urgently confirm which of their customers are affected, what is being done to ensure these customers don't suffer adversely, and what action is being taken to prevent this happening again in the future.

"The public will want to know how there could be this catastrophic breach of personal data security."

The NCSC said: "We assess that the stolen information does not pose a direct threat to people or allow direct financial crime."