In a blog post, Dara Khosrowshahi, who took over in August, said he recently learned that two individuals outside the company "inappropriately accessed user data" in late 2016.
Stored in a third-party cloud-based service, Mr Khosrowshahi said the personal information of 57 million Uber users and drivers worldwide had been hacked.
This included names, email addresses and mobile phone numbers, as well as the names and number plates of some 600,000 drivers in the United States.
Mr Khosrowshahi said in the post: "At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals.
"We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed."
Bloomberg, the first to report the story, said that Uber paid 100,000 US dollars (Â£75,500) to the hackers to delete the data and keep the breach under wraps.
Mr Khosrowshahi said there had been "no indication" trip history, credit card details, bank account numbers or dates of birth were downloaded by the hackers.
"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," Mr Khosrowshahi said.
"None of this should have happened, and I will not make excuses for it.
"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."