Four ByteDance employees violated company policy by inappropriately accessing data on TikTok users in the U.S., including two journalists, in an attempt to track down the source of information leaks, according to an internal report released by the Chinese company.

ByteDance said it fired all four of the employees, two based in the U.S. and two in China, for “misconduct.”

The internal ByteDance report, as first reported by the New York Times, found that the employees accessed IP addresses and other data of two U.S.-based reporters via their TikTok accounts — one for BuzzFeed News and one at the Financial Times — along with several individuals connected to the reporters. The staffers engaged in the surveillance were trying to see whether the journalists had been in the vicinity of other ByteDance employees, per the Times.

A TikTok spokesperson said in a statement to Variety, “The misconduct of those individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data. This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users. We take data security incredibly seriously, and we will continue to enhance our access protocols, which have already been significantly improved and hardened since this incident took place.”

The disclosure that ByteDance employees misappropriated TikTok user data comes as the short-form video app has faced a backlash among American lawmakers who view it as a threat to U.S. national security given TikTok’s ownership by a China-based conglomerate that is under the jurisdiction of the Chinese Communist Party. TikTok has been trying to finalize a deal with the Biden administration to address U.S. concerns about the security of user data in the app and ensure China’s government would not be able to access that information.

Reps for BuzzFeed and the FT denounced ByteDance’s surveillance of their reporters. “We are deeply disturbed by a report that ByteDance employees accessed the personal user data of a reporter for BuzzFeed News, showing a blatant disregard for the privacy and rights of journalists as well as TikTok users,” a BuzzFeed News spokesperson said, noting that the news outlet has recently reported on ByteDance’s China-based employees accessing U.S. users’ data and on the company’s attempts to “push pro-China messaging to Americans.” A spokesperson for the U.K.-based Financial Times said, “Spying on reporters, interfering with their work or intimidating their sources is completely unacceptable. We’ll be investigating this story more fully before deciding our formal response.”

In a letter to employees, ByteDance CEO Rubo Liang wrote in part, “No matter what the cause or the outcome was, this misguided investigation seriously violated the company’s Code of Conduct and is condemned by the company. We simply cannot take integrity risks that damage the trust of our users, employees, and stakeholders. We must exercise sound judgment in the choices we make and be sure they represent the principles we stand behind as a company.” Liang also said that ByteDance is “taking immediate actions to assuage and address the situation” but that “more importantly, we need to deeply reflect on our actions and think about how we can prevent similar incidents from happening again.”

TikTok had previously pushed back on a report by Forbes in October that ByteDance’s Internal Audit and Risk Control department, which investigates potential misconduct by employees, had planned to monitor the location of U.S. TikTok users. In its previous statement, TikTok had claimed that the app “has never been used to ‘target’ any members of the U.S. government, activists, public figures or journalists.”

Earlier this month, legislation with bipartisan support urging President Biden to use emergency powers to ban TikTok in the U.S. was introduced in Congress, in an effort led by GOP Sen. Marco Rubio. In addition, a bill by Sen. Josh Hawley (R-Mo.) would ban the installation of TikTok on all federal devices.

TikTok has spent $1.5 billion to date to form a U.S.-based data security division aimed at meeting the U.S. government’s requirements, Reuters reported Thursday, citing an anonymous source. TikTok has an agreement with Oracle to store user app data in the U.S., and TikTok has proposed giving Oracle the ability to review app and server code. In addition, TikTok has proposed creating a board to oversee the U.S. security division — not subject to ByteDance control — comprising three members who would be screened by the Committee on Foreign Investment in the United States (CFIUS), per the Reuters report. Moreover, TikTok has been “seeking to hire independent auditors and monitors who would be paid by the company but report to CFIUS,” Reuters reported.

Donald Trump, in the final months of his term as U.S. president, issued an executive order that threatened to ban TikTok in the country unless ByteDance sold a controlling interest in TikTok to American investors. Trump was motivated to seek the ban after TikTok users trolled his campaign by placing bogus orders for tickets to one of his rallies, the Times reported this week. U.S. federal courts blocked Trump’s order. In June 2021, President Biden officially revoked Trump’s orders seeking to ban TikTok while also launching an investigation into apps that have ties to “foreign adversaries” that may pose national security or data privacy risks.

In announcing the Senate bill seeking to a U.S. ban on TikTok, Rubio said, “This isn’t about creative videos — this is about an app that is collecting data on tens of millions of American children and adults every day.” He added, “We know it’s used to manipulate feeds and influence elections. We know it answers to the People’s Republic of China. There is no more time to waste on meaningless negotiations with a CCP-puppet company. It is time to ban Beijing-controlled TikTok for good.”