A complete of 57 million worldwide had knowledge uncovered within the breach, however the agency had not specified what number of have been UK-based mostly earlier than.
The stolen info consists of names, e-mail addresses and telephone numbers and – for US drivers – licence numbers.
Uber ought to notify UK customers who’ve been affected, the info regulator stated.
According to Uber, the two.7 million determine is “approximate rather than an accurate and definitive account” – it’s because the knowledge gathered by the agency’s app doesn’t all the time specify the place customers reside.
A spokesman for Uber advised the BBC the agency shouldn’t be capable of make clear what number of UK drivers are included within the 2.7 million.
The Information Commissioner’s Office (ICO) had beforehand stated it had “huge concerns” about the breach.
Responding to the newest information, a spokesman for the ICO stated: “As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised.”
“We would expect Uber to alert all those affected in the UK as soon as possible.”
The ICO believes the info could possibly be used by scammers making an attempt to focus on victims of the breach.
Both Uber and the ICO have directed customers to advice from the UK’s National Cyber Security Centre that was revealed following information of the breach.
The newest improvement was described as “shocking” by London Mayor Sadiq Khan.
“Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don’t suffer adversely, and what action is being taken to prevent this happening again in the future,” he stated.
When information of the breach was revealed final week, chief government Dara Khosrowshahi stated, “None of this should have happened, and I will not make excuses for it.”
The story was first broken by Bloomberg, which reported that Uber not solely sought to cowl up the incident but in addition paid hackers $100,000 (£75,000) to delete the info that they had stolen.