The company made the admission to the information Commissioner's Office (ICO) which is investigating the incident, which affected 58 million users and drivers and was kept secret until last week.
"In the United Kingdom this involved approximately 2.7 million riders and drivers", Uber wrote in a blog post on Wednesday.
Ferguson said that the ride-sharing company violated state law by not informing consumers that their information had been stolen in the 2015 breach.
The Land Transportation Franchising and Regulatory Board (LTFRB) will conduct its investigation on the data breach involving personal data of users of ridesharing firm Uber in the Philippines.
The complaint alleges that "Uber executives were aware of the breach as early as November 2016", but nonetheless failed to provide notification until November 21, 2017-far exceeding the 45-day deadline.
Washington state Attorney General Bob Ferguson is suing Uber for failing to disclose a massive data breach that left the personal information of 57 million people exposed.
Ferguson's lawsuit is the first from a state, although attorneys general in New York, Missouri, Massachusetts, Connecticut and IL have begun investigations, and the city of Chicago and Cook County have filed a lawsuit. "Consumers expect and deserve protection from disclosure of their personal information".
The stolen information includes names, email addresses and phone numbers and - for USA drivers - licence numbers.
It has also placed an information page within the Accounts and Payment Options menu within the Help section of the Uber app.
The breach saw details of 57 million accounts compromised, and Uber has been heavily criticised for not admitting sooner that its systems had been hacked, and for paying off those responsible.
The lawsuit was filed Tuesday in King County Superior Court.
"The government takes both the protection of personal data and the right to privacy extremely seriously".
"We have seen no evidence of fraud or misuse tied to the incident".