TikTok’s China-based parent company ByteDance said on Thursday that a small group of employees inappropriately obtained personal data of US TikTok users and are no longer employed at ByteDance. The New York Times reported that some of the users whose data was accessed included two journalists, one at BuzzFeed News and one at the Financial Times.
The information came to light following an internal investigation by a third-party law firm, ByteDance general counsel Erich Andersen said in an email to the company’s employees that was seen by the Times. Not long after the report, Forbes published a story alleging that ByteDance also tracked its reporters, three of whom formerly worked at BuzzFeed News.
Four ByteDance employees — two based in the US, two based in China — reportedly were responsible for the security breach, which was meant to find the sources of suspected media leaks. They have all been fired.
In response to an inquiry from BuzzFeed News, a TikTok spokesperson said, “The misconduct of certain individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data. This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users. We take data security incredibly seriously, and we will continue to enhance our access protocols, which have already been significantly improved and hardened since this incident took place.”
A ByteDance spokesperson condemned the employees’ actions, which “seriously violated the company’s Code of Conduct.” The spokesperson added, “We have taken disciplinary measures and none of the individuals found to have directly participated in or overseen the misguided plan remain employed at ByteDance.”
The company’s chief executive, Rubo Liang, addressed the internal report’s findings in an email to employees on Thursday. “I was deeply disappointed when I was notified of the situation … and I’m sure you feel the same,” Liang wrote, as reported by the Times. “The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals.”
BuzzFeed News reported on security concerns surrounding TikTok over the past year. In June, BuzzFeed News broke the news that nonpublic data about US TikTok users had been repeatedly accessed from China. The report was based on audio, obtained by BuzzFeed News, from more than 80 internal ByteDance meetings.
“We are deeply disturbed by a report that ByteDance employees accessed the personal user data of a reporter for BuzzFeed News, showing a blatant disregard for the privacy and rights of journalists as well as TikTok users,” BuzzFeed News spokesperson Lizzie Grams said Thursday. “It’s even more troubling that this comes in the wake of a series of reports by BuzzFeed News that exposed major issues within its parent company, from employees accessing American users’ data from China to ByteDance’s attempts to push pro-China messaging to Americans.”
A Financial Times spokesperson said, “Spying on reporters, interfering with their work or intimidating their sources is completely unacceptable. We’ll be investigating this story more fully before deciding our formal response.”