As the Washington Post reports, the attorneys general of Massachusetts, Illinois, Connecticut, New York and Missouri have all launched investigations into this latest egregious lack of data security as well as some Uber executives' decision to not report the breach and instead pay off hackers to keep them silent. The details of these investigations haven't been revealed but it's likely Uber broke a number of states' laws when it failed to notify its customers of the data breach in a timely manner.

We've launched an investigation into the Uber breach and have been in touch with the company to get more information.



We have serious concerns about the reported conduct.https://t.co/iH8X2nDWvz — Maura Healey (@MassAGO) November 22, 2017

The Washington Post also reports that at least three lawsuits are in the works. Those suits have been filed in California and Oregon and all three are seeking class-action suits against the company. In response to the breach and its mishandling, Uber's new CEO, Dara Khosrowshahi, has said, "None of this should have happened, and I will not make excuses for it. While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."