Uber revealed on Wednesday that around 2.7 million British users of its ride-hailing app had their data compromised in the recently uncovered October 2016 security breach.
The incident affected both drivers and customers and resulted in personal details being stolen. For riders, this included names, email addresses and mobile phone numbers, but not trip history, dates of birth or bank details, said Uber in a blog post.
The UK's data regulator, the Information Commissioner's Office, said in a statement on Wednesday that it expected Uber to alert all those affected in the country as soon as possible.
"As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised," said Deputy Commissioner James Dipple-Johnstone.
Asked whether it would inform individual users if they were affected, Uber pointed us to the blog post, which says "We do not believe any individual rider needs to take any action."
The hack, which affected 57 million users worldwide, only came to light last week after the company covered it up for over a year. Uber paid hackers $100,000 to delete the stolen data. Uber came clean when the breach was discovered by Uber chief Dara Khosrowshahi, who replaced Travis Kalanick as company CEO earlier this year.
"None of this should have happened, and I will not make excuses for it," Khosrowshahi said. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."
Both Uber and the ICO said in their statements that they don't believe users don't need to take any action.
"We have seen no evidence of fraud or misuse tied to the incident," said Uber. "We are monitoring the affected accounts and have flagged them for additional fraud protection."
The National Cyber Security Centre has provided further guidelines for people who believe they might have been affected by the breach.