Ring, the video surveillance device manufacturer owned by Amazon, has agreed to pay $5.8 million to settle claims made by the Federal Trade Commission (FTC) regarding unauthorized access to customers’ videos by Ring employees and contractors. The settlement, which was filed in the U.S. District Court for the District of Columbia, follows an investigation into Ring’s handling of sensitive video data.

The FTC alleged that Ring employees and contractors had unrestricted access to customer videos, allowing them to view, download, and transfer the footage for personal use. The complaint highlighted the “dangerously overbroad access and lax attitude toward privacy and security” exhibited by Ring. The company granted every employee and hundreds of third-party contractors in Ukraine full access to customer videos, irrespective of their job requirements. This unrestricted access enabled staff to download and share customer videos without authorization.

The FTC also revealed instances where Ring employees illicitly accessed private videos of women, with some incidents going undetected for months. Ring acknowledged that the individuals involved are no longer employed by the company. The FTC further accused Ring of negligence in handling reports of credential stuffing, where hackers exploit stolen user credentials from one breach to gain unauthorized access to other accounts. The company’s failure to respond promptly allowed hackers to compromise more than 55,000 U.S. customer accounts between January 2019 and March 2020.

As part of the settlement, Ring will pay $5.8 million and implement a comprehensive data security program. The program will include regular assessments and monitoring for the next 20 years. Additionally, Ring will disclose the level of access its employees and contractors have to customer data.

Ring spokesperson Emma Daniels stated that the company disagrees with the FTC’s allegations and denies any violations of the law. Despite the settlement, Ring has made efforts to enhance security measures, including mandating two-factor authentication for users and introducing end-to-end encryption to protect customer videos.

The resolution of this case underscores the importance of safeguarding consumer privacy and reinforces the need for robust data security practices in the technology industry.

Ring, the video surveillance device manufacturer owned by Amazon, has agreed to pay $5.8 million to settle claims made by the Federal Trade Commission (FTC) regarding unauthorized access to customers’ videos by Ring employees and contractors. The settlement, which was filed in the U.S. District Court for the District of Columbia, follows an investigation into Ring’s handling of sensitive video data.

The FTC alleged that Ring employees and contractors had unrestricted access to customer videos, allowing them to view, download, and transfer the footage for personal use. The complaint highlighted the “dangerously overbroad access and lax attitude toward privacy and security” exhibited by Ring. The company granted every employee and hundreds of third-party contractors in Ukraine full access to customer videos, irrespective of their job requirements. This unrestricted access enabled staff to download and share customer videos without authorization.

The FTC also revealed instances where Ring employees illicitly accessed private videos of women, with some incidents going undetected for months. Ring acknowledged that the individuals involved are no longer employed by the company. The FTC further accused Ring of negligence in handling reports of credential stuffing, where hackers exploit stolen user credentials from one breach to gain unauthorized access to other accounts. The company’s failure to respond promptly allowed hackers to compromise more than 55,000 U.S. customer accounts between January 2019 and March 2020.

As part of the settlement, Ring will pay $5.8 million and implement a comprehensive data security program. The program will include regular assessments and monitoring for the next 20 years. Additionally, Ring will disclose the level of access its employees and contractors have to customer data.

Ring spokesperson Emma Daniels stated that the company disagrees with the FTC’s allegations and denies any violations of the law. Despite the settlement, Ring has made efforts to enhance security measures, including mandating two-factor authentication for users and introducing end-to-end encryption to protect customer videos.

The resolution of this case underscores the importance of safeguarding consumer privacy and reinforces the need for robust data security practices in the technology industry.