Uber just couldn’t help themselves when it comes to scandals. Over a year ago, Uber Technologies Inc. reported a massive data breach as they reported that hackers stole the personal data of 57 million customers and drivers from their server. There is a new side to the story though as earlier this week, the company sacked their chief security officer and one of his deputies for their roles in covering the hack, in a deal that included paying the sum of $100,000 to the hackers.

The data that was compromised back in October last years included the names, email addresses and phone numbers of 50 million Uber riders around the world. The company further stated that the personal information of about 7 million drivers was accessed also, with over 600,000 of them being licensed drivers in the U.S. The company, however, stated that no Social Security numbers, credit card information, trip location details or other data were accessed.

“None of this should have happened, and I will not make excuses for it.”

During the time of the hack, Uber was embroiled in a negotiation with U.S authorities who were investigating privacy violations issues against the government.  The company has now come out publicly to state that it had an obligation to report the hack to regulators and to drivers whose license numbers were taken. They didn’t do that though, instead, they paid hackers to delete the data and ensure that the data breach was kept quiet. They further stated that the information collected was never used even though they declined to give the identity of the hackers.

Dara Khosrowshahi, who took over as chief executive officer in September while commenting on the issue via email stated that “None of this should have happened, and I will not make excuses for it. We are changing the way we do business.”

With the admission by Uber late on Tuesday, New York Attorney General Eric Schneiderman has decided to investigate what really happened during the hack. This was reported by his spokesman who further added that uber is being sued for negligence over the breach by a customer. The customer at this stage is seeking a class-action status.