A total of 57 million worldwide had data exposed in the breach, but the firm had not specified how many were UK-based before.
The stolen information includes names, email addresses and phone numbers and – for drivers – licence numbers.
Uber should notify UK users who have been affected, the data regulator said.
According to Uber, the 2.7 million figure is “approximate rather than an accurate and definitive account” – this is because the information gathered by the firm’s app does not always specify where users live.
The BBC has asked Uber to clarify how many UK drivers are included in the 2.7 million.
Responding to the latest news, a spokesman for the ICO said: “As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised.”
“We would expect Uber to alert all those affected in the UK as soon as possible.”
The ICO believes the data could be used by scammers trying to target victims of the breach.
The latest development was described as “shocking” by London Mayor Sadiq Khan.
“Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don’t suffer adversely, and what action is being taken to prevent this happening again in the future,” he said.
When news of the breach was revealed last week, chief executive Dara Khosrowshahi said, “None of this should have happened, and I will not make excuses for it.”