Uber suffered a large-scale cyberattack in October of 2016 that exposed the confidential data of 57 million customers and drivers, the company disclosed today in a statement following a damning Bloomberg report. Among Uber’s faults include not only failing to disclose the hack, but in covering it up as well. Former CEO Travis Kalanick was informed of the attack just one month after it transpired, but it was not publicly announced and in fact was concealed by Chief Security Officer Joe Sullivan and his subordinates, the report says, leading Uber to fire the executive and one of his lieutenants this week. The company allegedly paid its hackers a $100,000 ransom to delete the data and not publicize the breach to media or regulators. “None of this should have happened, and I will not make excuses for it,” current CEO Dara Khosrowshahi, who replaced Kalanick as chief exec back in September, writes in the company’s statement. “We are changing the way we do business.” Uber reportedly declined to identify the attackers. The hack included names, email addresses, and phone numbers of more than 50 million Uber riders worldwide, while more than 7 million Uber drivers had similar data exposed on top of driver’s license numbers for around 600,000 US drivers. Bloomberg says Uber, at the time of the breach, was talking with US regulators over separate privacy violations and had just settled with the Federal Trade Commission over mishandling of consumer data, leading Sullivan to spearhead a cover-up to avoid further fallout over its security and privacy practices. Uber’s board of directors initiated an investigation of Sullivan’s team last month, leading to disclosure of the hack and its concealment. The nature of the hack is relatively straightforward, according to Bloomberg: hackers with access to a public GitHub code repository used by Uber engineers were able to collect private login credentials to an Amazon cloud computing server, from which the hackers stole a list of rider and driver data. They then extorted Uber for the $100,000 fee. Khosrowshahi, alongside the company’s new executive leadership, have already informed the New York attorney general and the FTC of the