NEW YORK - The Latest on the data breach at Uber (all times local):
More U.S. states say they're investigating Uber over the ride-hailing company's massive data breach.
Missouri Attorney General Josh Hawley, a Republican, sent a letter Wednesday telling Uber to notify customers if their personal information might have been affected and demanding that the ride-hailing company make changes to protect data.
Massachusetts Attorney General Maura Healey, a Democrat, told WGBH-FM on Wednesday that she's requesting documents and other information from Uber, adding her office is "keeping all criminal and civil options on the table."
The company came clean on Tuesday about its coverup of a year-old hacking attack that stole personal information of about 57 million customers and drivers.
The Missouri letter to Uber says the attorney general's office is investigating whether the company violated any state consumer-protection or data-privacy laws.
A British law firm says the ride-hailing firm Uber could now face legal claims after a data breach that saw hackers steal the personal information of some 57 million people around the world.
Sean Humber, a data protection specialist from the law firm Leigh Day, says the company urgently needs to answer questions about its failure to secure personal information, to report the breach to authorities and to notify those affected.
He says that "in legal terms those affected may have claims for compensation for the distress caused and any losses suffered as a result of the misuse of their private information and breach of the Data Protection Act."
The firm has represented drivers in Britain who have sued Uber to demand vacation pay and a minimum wage.
New York's state Attorney General has opened an investigation into a massive data breach at Uber.
Amy Spitalnick, spokeswoman for Attorney General Eric Schneiderman, confirmed the probe Wednesday, but would not comment further.
New York law requires that companies notify the Attorney General and consumers if data is stolen.
On Tuesday, Uber acknowledged that it covered up a year-old hacking attack that stole personal information about more than 57 million of the ride-hailing service's customers and drivers.
So far, there's no evidence that the data taken has been misused, according to a Tuesday blog post by new Uber CEO Dara Khosrowshahi. Part of the reason nothing malicious has happened is because Uber acknowledges paying the hackers $100,000 to destroy the stolen information.
British officials say any fine against Uber for its large-scale data breach will be higher than usual because the firm did not promptly disclose the hack.
Britain's Deputy Information Commissioner James Dipple-Johnstone said Wednesday the company faces "higher fines" because it concealed the hack from the public.
He said: "If U.K. citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed."
The Information Commissioner's Office and the National Cyber Security Center are working to gauge the severity of the problem for British Uber users.
Uber has admitted covering up the hack last year after personal information of more than 57 million users and drivers was compromised.