Ring employees were given “dangerously overbroad access” to customers’ home security systems, the US government said
Amazon-owned security camera company Ring has agreed to a $5.8 million settlement after the US government accused the firm of major privacy violations, including one case in which an employee was alleged to have spied on more than 80 different women over a period of several months.
The Federal Trade Commission (FTC) announced the multi-million dollar decision on Wednesday, saying that Ring had agreed to settle a legal dispute out of court after federal officials charged the company with “failing to restrict employees’ and contractors’ access to its customers’ videos” and weak safeguards for user data.
“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” said Samuel Levine, the director of the FTC’s Bureau of Consumer Protection.
In a court filing, the commission accused Ring of granting hundreds of employees, as well as third-party contractors based in Ukraine, “full access to every customer video, regardless of whether the employee or contractor actually needed that access to perform his or her job function.” While it said the company had general policies against the misuse of data, it provided no training on privacy or data security before May 2018, allowing “dangerous – and unnecessary – access to highly sensitive data” for some time.
The lax protections led to several serious privacy breaches, the FTC said, noting one particularly egregious case in 2017. Between June and August of that year, a male Ring employee “viewed thousands of video recordings belonging to at least 81 unique female users” on hundreds of separate occasions. He typically accessed cameras located in “intimate” spaces, such as bedrooms.
Ring failed to detect the employee’s spying, which was only uncovered thanks to a co-worker who reported the suspicious behavior, ultimately resulting in his termination. The incident led the company to tighten its security policies, however employees were still granted sweeping access to customers’ cameras, the court filing continued.
Purchased by Amazon in 2018, the California-based company has come under fire for poor privacy practices in the past, with one 2020 lawsuit stating that Ring failed to prevent a hack which resulted in “horrific” privacy invasions for users. In response to questions from US lawmakers in 2020, Ring was also forced to acknowledge that it was aware of four separate cases in which employees were fired over their excessive access to customers’ cameras.