ByteDance finds employees obtained TikTok user data from two US journalists

ByteDance employees accessed the data as part of an unsuccessful effort to investigate leaks of company information.

TikTok logo is displayed on the smartphone while standing on the US flag in this illustration picture taken, November 8, 2019. (photo credit: REUTERS/DADO RUVIC/FILE PHOTO)
TikTok logo is displayed on the smartphone while standing on the US flag in this illustration picture taken, November 8, 2019.
(photo credit: REUTERS/DADO RUVIC/FILE PHOTO)

ByteDance, the Chinese parent company of popular video app TikTok, said on Thursday that some employees this summer improperly accessed TikTok user data of two US journalists and were no longer employed by the company, an email seen by Reuters shows.

ByteDance employees accessed the data as part of an unsuccessful effort to investigate leaks of company information and were aiming to identify potential connections between two journalists and company employees, said the email from ByteDance general counsel Erich Andersen. The disclosure, reported earlier by the New York Times, could add to the pressure TikTok is facing in Washington from lawmakers and the Biden administration over security concerns about US user data.

A person briefed on the matter said four ByteDance employees who were involved in the incident were fired, including two in China and two in the United States. Company officials said they were taking additional steps to protect user data.

Congress is set to pass legislation this week to ban US government employees from downloading or using TikTok on their government-owned devices.

What has the TikTok Chief Executive said?

The TikTok logo is seen on a screen over Times Square in New York City, U.S., March 6, 2020 (credit: REUTERS/ANDREW KELLY)The TikTok logo is seen on a screen over Times Square in New York City, U.S., March 6, 2020 (credit: REUTERS/ANDREW KELLY)

TikTok Chief Executive Shou Zi Chew said in a separate email to employees seen by Reuters, "This misconduct is not at all representative of what I know our company's principles to be." He said the company "will continue to enhance these access protocols, which have already been significantly improved and hardened since this initiative took place."

Chew said that over the past 15 months the company had been working to build TikTok US Data Security (USDS) to ensure protected TikTok US user data stays in the US

"The USDS department is limiting access of that data to the USDS department and has already done so across our production systems," he said. "We are completing the migration of protected US user data management to the USDS department and have been systematically cutting off access points."

ByteDance also said it is restructuring the Internal Audit and Risk Control department, and the global investigations function will be split out and restructured. The company added it will be redesigning the investigations process to include an oversight council.

The US government Committee on Foreign Investment in the United States (CFIUS), a national security body, has for months sought to reach a national security agreement with ByteDance to protect the data of more than 100 million US TikTok users, but it appears no deal will be reached before year's end.