Amazon-owned Ring has been at the centre of a few privacy scandals, and now, it's quietly revealing to lawmakers the exact number of employees it's fired in recent years because they abused their access to user video data.
In a written response to five US senators, each of whom had scrutinised Ring for more details about its security practices, the company finally admitted that it dismissed four employees over four years. Here is Ring's explanation (via Motherboard):
"Over the last four years, Ring has received four complaints or inquiries regarding a team member’s access to Ring video data. Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions. In each instance, once Ring was made aware of the alleged conduct, Ring promptly investigated the incident, and after determining that the individual violated company policy, terminated the individual."
Keep in mind, last January, reports claimed Ring allowed employees to access unencrypted customer videos taken from its lineup of smart doorbells. But Ring said that employees were only given access to videos made public through its community watch program, Neighbors.
The Intercept also recently claimed Ring gave it Ukraine-based R&D team unfettered access to an Amazon web server that held all Ring customer videos. Ring also dismissed this allegation, but it said three employees did have access to videos for infrastructure maintenance reasons.
"Our R&D teams can only access publicly available videos and videos available from Ring employees, contractors, and friends and family of employees or contractors with their express consent. Additionally, customers may give their express consent to our customer service department to provide temporary access to their live camera feed when troubleshooting a specific customer issue. Aside from this, a very limited number of employees (currently three) have the ability to access stored customer videos for the purpose of maintaining Ring’s AWS infrastructure."
Finally, Ring told senator sin its letter that it is “not aware of any breach of a customer’s personally identifiable information that would require reporting to government agencies". It also now requires two factor for all new accounts.