ByteDance says it has fired four employees who accessed the data of several TikTok users located in the US, including journalists. According to The New York Times, an investigation conducted by an outside law firm found that the employees were trying to locate the sources of leaks to reporters. Two of the employees were in the US and two were in China, where ByteDance is based.
"ByteDance condemns this misguided plan that seriously violated the company's Code of Conduct," a ByteDance spokesperson told Engadget. "We have taken disciplinary measures and none of the individuals found to have directly participated in or overseen the misguided plan remain employed at ByteDance."
The company reportedly determined that members of a team responsible for monitoring employee conduct accessed the IP addresses and other data linked to the TikTok accounts of a reporter from BuzzFeed News and Cristina Criddle of the Financial Times. The employees are also said to have accessed the data of several people with ties to the journalists. Forbes claims that ByteDance tracked three of its reporters who previously worked for BuzzFeed News. All three of those publications have published reports on TikTok, including on its alleged ties to the Chinese government.
“The misconduct of those individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data. This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users," ByteDance said in a statement to Variety. "We take data security incredibly seriously, and we will continue to enhance our access protocols, which have already been significantly improved and hardened since this incident took place.”
In October, Forbes reported that members of ByteDance’s Internal Audit and Risk Control department planned to use TikTok to track the locations of specific US citizens. ByteDance refuted those claims, but the report tracks with the results of the internal investigation. The company told the Times it has restructured that department and prevented it from accessing any US data.
“No matter what the cause or the outcome was, [the employees'] misguided investigation seriously violated the company’s Code of Conduct and is condemned by the company," ByteDance CEO Rubo Liang reportedly told employees in a memo. "We simply cannot take integrity risks that damage the trust of our users, employees, and stakeholders. We must exercise sound judgment in the choices we make and be sure they represent the principles we stand behind as a company.”
Word of the investigation and employees' dismissal comes amid various attempts to ban TikTok in the US. More than a dozen states, including Georgia and Texas, have blocked the app on government-owned devices. Earlier this month, a bipartisan bill sought to effectively ban TikTok from US consumer devices, along with other social apps that have ties to China, Russia, Cuba, Iran, North Korea and Venezuela.
Meanwhile, the Senate has passed a $1.7 trillion spending bill, which includes a measure that would ban TikTok on most devices issued by the federal government. There will be some exceptions for elected officials, congressional staff and law enforcement. The House is yet to vote on the omnibus bill but is expected to pass it on Thursday evening.
According to the Times, ByteDance said the fired employees accessed historical data that it plans to delete from its own data servers in the US and Singapore. The company said in June that all of TikTok's TikTok user traffic is being routed to Oracle's servers. That's now the "default storage location of US user data," but at the time ByteDance continued to back up the data on its own servers.
Update 12/23 12:03PM ET: Added a statement from ByteDance.