Uber said on Tuesday that hackers compromised personal data from some 57 million riders and drivers in a breach kept hidden for a year.

"None of this should have happened, and I will not make excuses for it," said a statement from chief executive Dara Khosrowshahi, who took over at the ridesharing giant in August.

Two members of the Uber information security team who "led the response" that included not alerting users that their data was breached were let go from the San Francisco-based company effective Tuesday, according to Khosrowshahi.

The Uber chief said he only recently learned that outsiders had broken into a cloud-based server used by the company for data and downloaded a "significant" amount of information.

Stolen files included names, email addresses, and mobile phone numbers for riders, and the names and driver license information of some 600,000 drivers, according to Uber.

Uber paid the hackers $100,000 to destroy the data, not telling riders or drivers whose information was at risk, according to a source familiar with the situation.

Co-founder and ousted chief Travis Kalanick was advised of the breach shortly after it was discovered, but it was not made public until Uber's new boss Khosrowshahi learned of the incident.

"You may be asking why we are just talking about this now, a year later," Khosrowshahi said.

"I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it."

Khosrowshahi said that what he learned about Uber's failure to notify users or regulators prompted corrective actions.

"All companies would be wise to remember this: cock-ups are bad, but cover-ups can kill you," computer security specialist Graham Cluley said in a blog post.

"You can ask forgiveness for being hacked, but many people will find it harder to forgive and forget if you deliberately concealed the truth from them."

Yahoo and Equifax were hit with criticism for how long it took the companies to disclose hacks.

"Breach disclosure is taking too long," said McAfee vice president of labs Vincent Weafer.

Weafer described Uber's decision to pay the hackers off as unusual, and questioned whether it was wise.

"You are relying on trust among thieves that the data has not been copied or leaked in any way," Weafer said.

Need to change

Uber is notifying drivers whose license numbers were swiped, and offering them credit and identity theft protections.

The company also said it is notifying regulators, and monitoring affected rider accounts for signs of fraud.

"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," Khosrowshahi said.

"We are changing the way we do business."

Khosrowshahi inherited a litany of scandals and a toxic workplace culture when he replaced Kalanick.

Kalanick's brash style has been credited with driving Uber to the leading spot in the smartphone-summoned ride market, but also blamed for fostering an atmosphere of impropriety and rule-breaking.

A planned tieup with Japanese tech giant SoftBank suggests the ridesharing giant is set to come of age in the business world, but it still faces a long road ahead.

The deal would give Uber an additional $1 billion in capital and could allow SoftBank to acquire as much as 14 percent of the company over time.

While Uber has become a global phenomenon operating in more than 600 cities and dozens of countries, it is trying to move past scandals and missteps that have included executive misconduct, a cutthroat workplace and potentially unethical competitive practices.

One step toward the future was the hiring of Khosrowshahi earlier this year, which left founder Kalanick in the background.

But Uber needs to clean up governance and other practices in order to meet its goal of a 2019 stock market debut that will open up the privately-held firm to greater scrutiny.

Under Kalanick, Uber reached an eye-popping valuation of $68 billion, unprecedented for a private firm.

At the same time, it has faced resistance from traditional taxi operators and regulators, and faces possible bans in cities for failing to live up to local rules.

Uber has other issues as well. It is in court facing Waymo, the former Google Car unit, which has alleged the theft of trade secrets on autonomous vehicle technology.

Uber's use of software aimed at thwarting rivals like Lyft has also hurt its image, and could create further legal woes.