Uber has admitted some 2.7 million of its UK users had their data stolen in a major hacking attack on the company.
The firm has been urged to contact customers and drivers who were affected directly to inform them of the breach.
The cyber attack took place late last year but only became public last week, after Uber executives spent months trying to cover up the scandal. A total of 57 million customers were affected worldwide.
Hackers were able to obtain the names, email addresses and mobile phone numbers of passengers and drivers.
James Dipple-Johnstone, deputy commissioner of the Information Commissioner's Office, said he would expect Uber to alert everyone affected in the UK "as soon as possible".
He said it was unlikely the stolen details could be used directly to carry out a fraud, but it could make those affected more vulnerable to scams.
The hackers who broke into a server were paid a $100,000 US dollars (£75,500) bounty by Uber in return for an agreement to destroy the data. They were also reportedly asked to sign non-disclosure agreements.
Uber said its third party investigators found no indication that financial details, journey histories and dates of birth were downloaded.
However, UK authorities say they are still waiting for technical reports confirming exactly how many British residents were affected and the type of personal data that has been compromised.
The firm said it does not believe that any passengers need to take any action in relation to the data breach.
In a statement it said: "We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection."
News of the hacking attack and the attempts to hush it up are just the latest scandal to hit the company.
Earlier this year it was denied a new operating licence in London on the grounds of "public safety and security implications". Uber is currently appealing.
The company also lost a significant employment rights case over the rights of drivers who insisted they were effectively employees and were entitled to sick pay.