There are serious legal ramifications for Uber's decision not to immediately disclose the data breach.
They also downloaded names and licence numbers of 600,000 of the company's USA drivers, Mr Khosrowshahi said in a blog post. He was not at the helm when it happened.
"We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed", Khosrowshahi wrote.
The severity of the incident was compounded amidst revelations that the company had paid $US100,000 ($A132,000) to the hackers to delete the data. For that reason, Uber will now pay for free credit-report monitoring and identity theft protection services for the affected drivers. As part of that settlement, Uber also paid a $20,000 fine for waiting to notify five months about another data breach that it discovered in September 2014.
CEO Travis Kalanick, who was in charge when the hack took place, is still on the company's board of directors.
The company has not yet revealed where in the world these users and drivers were.
Uber hacked, data for 57 million people exposed
"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes", Khosrowshahi said, adding, "We are changing the way we do business".
It's the latest blow to Uber, at a time when the rideshare company is trying to improve its public image.
'You may be asking why we are just talking about this now, a year later, ' new CEO Dara Khosrowshahi said.
Uber also fired two employees who were responsible for providing information to hackers. Within hours of the disclosure, a customer filed a lawsuit seeking class-action status, and New York Attorney General Eric Schneiderman launched an investigation.
"We do not believe any individual rider needs to take any action, " the company said in its statement.
He said the incident, which he had only recently learned of, did not breach our corporate systems or infrastructure. "Interestingly here it's the fact that Uber covered up the breach that seems to have got people's backs up, clearly showing how important honesty is when dealing with such incidents". After all, the company has an established track record of engaging in unethical and possibly illegal practices while skirting government regulators. A number of civil suits are also ongoing and the service faces bans in London and other cities due to what has been termed reckless behaviour.
Khosrowshahi inherited a litany of scandals and a toxic workplace culture when he replaced Kalanick.