Recently installed Uber CEO Dara Khosrowshahi revealed today that in late 2016 hackers accessed personal data of approximately 57 million Uber riders and drivers — a hack that previously went undisclosed.

In a blog post, Khosrowshahi wrote that “two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use.”  The individuals were able to access the names and driver’s license numbers of around 600,000 drivers in the United States, and personal information of 57 million Uber users worldwide, which “included names, email addresses, and mobile phone numbers.” Bloomberg reports that Uber paid the hackers $100,000 to destroy the data and did so without alerting government agencies of the hack.

Khosrowshahi wrote that he was only recently made aware of the incident and said that “effective today, two of the individuals who led the response to this incident are no longer with the company.” According to Bloomberg, one of those individuals was chief security officer Joe Sullivan.

“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistake,” Khosrowshahi wrote.

Khosrowshahi wrote that under his leadership, Uber has taken a number of steps to help affected riders and drivers and increase security measures. Affected drivers will be provided with free credit monitoring and identity theft protection, and the company is working with Matt Olsen, cofounder of cybersecurity consulting firm IronNet Cybersecurity, to outline additional security measures the company can take.

The news comes as Khosrowshahi, who was selected in August to become Uber’s new CEO, has sought to redefine the company’s “toe-stepping” image. Earlier this month, Khosrowshahi released a new set of Uber’s “cultural norms,” which include “do the right thing” and “act like owners.”

Drivers and riders who want to learn more about the hack and whether they might be affected can click on the links here and here, respectively.

Update, 4:24 p.m. The New York Attorney General’s Office has confirmed to VentureBeat that it is investigating the incident.