ByteDance, TikTok’s China-based parent company, said Thursday that an internal investigation found that employees improperly obtained data from U.S. TikTok users, including two reporters.
Over the summer, some members of a ByteDance team responsible for monitoring employee behavior tried to find the sources of alleged leaks of internal conversations and business documents to journalists. In doing so, employees gained access to the IP addresses and other data of two reporters and a small number of people connected to the reporters through their TikTok accounts. They were trying to determine if these people were in the same proximity of ByteDance employees, according to the company, which added that efforts to find leaks had failed.
The investigation was launched after an article was published by Forbes, and the investigation confirms part of that report and acknowledges the privacy and security risks associated with TikTok, which U.S. legislators, state governors, and the governments of Trump and Biden for more than two years. More than a dozen states have banned TikTok from state-issued devices, and the company is in lengthy negotiations with the government over security and privacy measures that would block any potential access to US user data by ByteDance and the Chinese government.
ByteDance General Counsel Erich Andersen announced the findings of the investigation, which was conducted by an outside law firm, in an email to employees on Thursday.
One person on the team resigned and three were fired. Two of these employees worked in China and two in the United States. ByteDance said it restructured its global compliance team and removed all access to US data from that department. The affected reporters wrote for BuzzFeed and The Financial Times, ByteDance said, but declined to identify them and other affected TikTok users.
Mr. Andersen and ByteDance CEO Rubo Liang revealed the findings of the investigation in separate emails to employees.
“I was deeply disappointed when I was informed of the situation. . . and I’m sure you feel the same way,” Mr. Liang wrote. “Public trust, which we have worked so hard to build, is being severely undermined by the misconduct of a few individuals.”
TikTok CEO Shou Zi Chew also emailed his employees about the investigation, expressing disappointment and stressing the company’s commitment to protecting US data.
“We take data security incredibly seriously,” Mr. Chew said in the email. He said the company has been working for the past 15 months to develop a new US-based data storage program as “demonstration of that commitment.”
The revelations come amid growing concerns from US officials about the privacy and national security risks posed by TikTok, a hugely popular video-sharing app with an estimated 100 million American users. ByteDance acquired TikTok, formerly known as Musical.ly, in 2017 and has since been the focus of national security officials, who say the app is too closely linked to its parent company in China and can store sensitive data like geolocation and user’s custom interests in the United States, into the hands of the Chinese government.
Hoping to allay national security fears, ByteDance has moved US users’ data to a cloud storage system operated by Oracle, the Silicon Valley software company.
In September, TikTok’s chief operating officer, Vanessa Pappas, testified in a Senate hearing that the app has not shared data with the Chinese government. The company has tried to distance the app from ByteDance, saying TikTok has its own corporate structure with offices in Washington, Singapore, New York and Los Angeles.
TikTok has been embroiled in negotiations with the Biden administration over a data security plan that would place all US data on Oracle’s cloud servers and erect walls around that data to prevent access by the Chinese government. Negotiations that began during the Trump administration have stalled in recent weeks, sparking a cascade of state and federal measures to limit TikTok usage.
Congress will vote on a proposal as early as this week that would ban TikTok from all federal devices. Intelligence officials, including FBI Director Christopher Wray, have warned that Chinese officials could harvest sensitive data on US citizens for use in surveillance and propaganda dissemination.
TikTok is in the midst of an escalating economic and trade war between the United States and China for technology leadership. The superpowers have imposed trade restrictions on foreign-made technology and poured hundreds of billions of dollars into subsidies and grants to bring tech manufacturing supply chains back within their borders.
A bill by Senator Josh Hawley, Missouri Republican, would ban TikTok on all federal devices, marking the app’s most far-reaching restriction yet. He said that despite assurances from ByteDance and TikTok, the Chinese government has sweeping powers to collect data, including from US users of apps connected to Chinese companies.
“TikTok is essentially a backdoor for the Communist Party to track keystrokes, contact lists and location, and there’s no way to turn it off,” Mr. Hawley said in an interview this week. “Under Chinese law, ByteDance is required to release data, and that’s a major privacy risk for Americans.”