ByteDance, the Chinese parent company of popular video app TikTok, said on Thursday that some employees this summer improperly accessed TikTok user data of two U.S. journalists and were no longer employed by the company, an email seen by Reuters shows.
ByteDance employees accessed the data as part of an unsuccessful effort to investigate leaks of company information and were aiming to identify potential connections between two journalists and company employees, said the email from ByteDance general counsel Erich Andersen.
The disclosure, reported earlier by The New York Times, could add to pressure TikTok is facing in Washington from lawmakers and the Biden administration over security concerns about U.S. user data.
A person briefed on the matter said four ByteDance employees who were involved in the incident were fired, including two in China and two in the United States. Company officials said they were taking additional steps to protect user data.
Congress is set to pass legislation this week to ban U.S. government employees from downloading or using TikTok on their government-owned devices.
TikTok Chief Executive Shou Zi Chew said in a separate email to employees seen by Reuters, “This misconduct is not at all representative of what I know our company’s principles to be.” He said the company “will continue to enhance these access protocols, which have already been significantly improved and hardened since this initiative took place.”
Chew said that over the past 15 months the company had been working to build TikTok U.S. Data Security (USDS) to ensure protected TikTok U.S. user data stays in the U.S.
“The USDS department is limiting access of that data to the USDS department and has already done so across our production systems,” he said. “We are completing the migration of protected U.S. user data management to the USDS department and have been systematically cutting off access points.”
ByteDance also said it is restructuring the Internal Audit and Risk Control department, and the global investigations function will be split out and restructured. The company added it will be redesigning the investigations process to include an oversight council.
The U.S. government Committee on Foreign Investment in the United States (CFIUS), a national security body, has for months sought to reach a national security agreement with ByteDance to protect the data of more than 100 million U.S. TikTok users, but it appears no deal will be reached before year’s end.