Zoom in / ring on the video door.

Amazon’s ring product line for home surveillance has garnered a lot of attention in the past few weeks as bad actors outside the company have had easy access to users’ accounts. But for Ring, like many other companies, some of the greatest security risks can come from within the company

In response to the Congressional survey, Amazon admitted this week that there have been four incidents in the past four years in which employees have accessed video data that they should not have accessed. “Each of these people who were involved in these incidents were allowed to view video data,” said Amazon in a letter (PDF). “In any case, the attempted access to this data exceeded what was necessary for their tasks.”

Ring fired all of these employees after “rapid investigative measures” and informed Congress that after each incident, the company “took several measures to limit data access to fewer team members.” The company also “reviews” employees’ access to data regularly to see if they still need access to do their job.

The company said that the employees who have access to user videos are not all based in the USA. It was not counted how many employees in which countries can access this data. Instead, it was stated that research and development teams “in Ukraine and elsewhere can only access publicly available videos and videos available from employees, contractors, and friends and family members of employees, or contractors with their express consent.”

That is, “publicly available” ring video may contain more information than the customers who created it. Earlier reports found footage from tens of thousands of ring cameras across the country that had extremely accurate coordinates so that reporters and researchers could map their locations.

Amazon’s admission follows a flood of ring hacks that have garnered nationwide attention. In these cases, intruders used shared credentials from other hacks and security breaches to log in to poorly secured ring accounts and to harass families with the devices. In response to the wave of attacks, Ring will launch a new “dashboard” this week that will help account holders manage their connected devices and, by default, enable two-factor authentication for new accounts.

The conspicuous access incidents were not the only security risk that Ring has taken recently. In November, the company released a patch for a vulnerability that exposed users’ Wi-Fi credentials during device configuration.

Amazon was first asked to respond to Ring’s Congress in the fall of last year after it became known that the company had built close partnerships with more than 400 law enforcement agencies across the country. (To date, the list includes 770 agencies.) The company sent answers to the first questions in November, but a group of senators, including Ed Markey (D-Mass.), Ron Wyden (D-Ore.), And Chris Van Hollen ( D-Md.), Chris Coons (D-Del.) And Gary Peters (D-Mich.) Sent a targeted follow-up request (PDF). The company’s letter of January 6 came in response to this follow-up query.