Illinois, Massachusetts, New York, and Connecticut are planning investigations into Uber's recently announced 2016 breach that left 57 million customers' and drivers' data vulnerable to criminals, and the FTC might launch a probe as well, according to Recode.

Why it matters: Most states (48) have some form of a law requiring companies to reveal data breaches to consumers, but Uber did not immediately disclose the details to consumers and reportedly tried to cover up the hack.

The FTC may also launch a probe into Uber, Recode reports, citing two sources who say Uber has already briefed the agency. The FTC said it was looking into the matter.

• The FTC just penalized Uber in August for other privacy and security practices and had asked Uber to maintain all records related to privacy and security for investigators. This apparent cover-up could throw a wrench in those conclusions issued in August.
• Sen. Richard Blumenthal urged the FTC to take "swift enforcement action and impose significant penalties" on Uber, and Rep. Frank Pallone is calling for a Congressional hearing on the matter.

Global blowback: Authorities in Australia and the Philippines said they would also be investigating, and the UK's data protection regulator brought up potential penalties for Uber, per Reuters.

Bottom line: The news is not good for Uber on a global scale. It could face penalties and fines in addition to paying the steep legal price associated with suits after a year filled with other headaches related to security, privacy, and its culture.