A data breach at human cloud, ride sharing firm Uber in October 2016 exposed information related to 57 million rider and driver accounts, the company reported in a blog post yesterday by CEO Dara Khosrowshahi.

The hack exposed the names, email addresses and mobile phone numbers related to accounts of 57 million riders and drivers globally. It also included the license numbers of approximately 600,000 drivers in the US. Outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.

Khosrowshahi wrote that two individuals who led the response to the incident are no longer with the company and to help guide the company going forward it has brought in Matt Olsen, co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center.

Uber is also notifying divers whose license numbers were downloaded, providing divers with free credit monitoring and identity theft protection, notifying regulatory authorities, and monitoring affected accounts, including flagging them for additional fraud protection.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi wrote in his post. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

Bloomberg reported that Uber paid the hackers $100,000 to delete the information and keep quiet, and that Chief Security Officer Joe Sullivan and another exec were ousted.

The New York Times reported Uber acquiesced to the demands, and then tracked down the hackers and pushed them to sign nondisclosure agreements, citing people familiar with the matter. “To further conceal the damage, Uber executives also made it appear as if the payout had been part of a ‘bug bounty’ — a common practice among technology companies in which they pay hackers to attack their software to test for soft spots,” the newspaper reported.

In a separate issue, the Miami Herald newspaper reported yesterday that Uber struck a deal with Miami-Dade County that lets it pay just half of $4 million in fines it owes.