Continue Reading Below
The January letter came in response to a Nov. 2 letter from the five senators requesting Amazon founder Jeff Bezos to disclose information regarding Ring's privacy practices given its ability to upload "video footage detailing the lives of millions of Americans in and near their homes" to its servers.
"Over the last four years, Ring has received four complaints or inquiries regarding a team member’s access to Ring video data," Amazon Vice President of Public Policy Brian Huseman wrote in the letter. "Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions,"
"In each instance, once Ring was made aware of the alleged conduct, Ring promptly investigated the incident, and after determining that the individual violated company policy, terminated the individual," Huseman added.
Ring continues to see "stolen credentials and passwords (from other applications and sites) that have led to some bad actors gaining access to Ring devices" rather than unauthorized entry into Ring's systems or networks, meaning most hackers are able to access accounts by gaining password information through other apps or websites, according to Huseman.
Additionally, no Ring employee has complete access to a customer's video footage. Ring only has three employees who currently "have the ability to access stored customer videos for the purpose of maintaining Ring’s AWS infrastructure," Huseman said.
The letter also details the ways in which Ring deletes and retains footage, the security measures it has employed to avoid hacking incidents, encryption and vulnerability disclosure policies, how Ring performs security tests and how audits are performed.
Ring has come under the spotlight in recent months after a slew of recent hacking attempts on its security cameras used by millions all over the country.
A Mississippi couple said in November that their Ring security camera placed inside their 8-year-old's bedroom was hacked by someone who began playing music and talking to the little girl -- going as far as to tell her he was Santa Claus, WMC Action News 5 reported.
The Amazon-owned device was set up in the little girl’s room, which she shares with her two sisters, in DeSoto County. The children’s mother, Ashley LeMay, said the camera – which allows someone on one end of the camera to speak to the other end – had been set up only four days before her daughter heard music playing in the bedroom, according to the report.
Amazon and Ring are both being sued for negligence, invasion of privacy, breach of implied contract, breach of implied warranty and unjust enrichment. According to the lawsuit, which was filed in the U.S. District Court for the Central District of California, the companies have known about the insufficiency of the system's security.
"Ring does not fulfill its core promise of providing privacy and security for its customers," the class-action lawsuit reads. "...hackers routinely terroriz[e] occupants, invade their privacy and undermine their sense of safety and security."