Texas Sues TP-Link Over Alleged Ties to Chinese State Hackers and Deceptive Security Claims

In a high-stakes legal battle with national security implications, the state of Texas has filed a lawsuit against TP-Link, one of the world’s largest networking equipment manufacturers, accusing the company of misleading consumers about the security and origins of its routers while allegedly enabling Chinese state-backed hackers to exploit vulnerabilities in its devices.

The lawsuit, filed by Texas Attorney General Ken Paxton, alleges that TP-Link deceptively marketed its routers as secure and privacy-focused while sourcing nearly all components from China—despite labeling products as “Made in Vietnam.” According to the complaint, this practice is particularly concerning because Chinese law can compel companies with ties to the Chinese supply chain to cooperate with government intelligence requests and hand over user data.

“This week, my office is launching a coordinated series of actions against CCP-aligned companies to send a clear message that in the Lone Star State we will always put Texas and America First,” Paxton declared. “TP Link will face the full force of the law for putting Americans’ security at risk. Let this serve as a clear warning to any Chinese entity seeking to compromise our nation’s security.”

A History of Security Failures

The lawsuit points to a troubling pattern of security vulnerabilities in TP-Link devices. Most notably, the company’s routers were reportedly used in the Quad7 botnet—a massive network of compromised home and small-business routers linked to Chinese threat actors. Microsoft documented this botnet in October 2024, revealing how it was built from hacked TP-Link devices and used for credential theft and password-spraying attacks.

“Despite its claims of privacy and security, TP Link’s products have been used by People’s Republic of China’s state-sponsored hacking entities to launch multiple cyber-attack operations against the United States,” Paxton stated. “With nearly all of its products’ parts imported from China, TP Link’s deliberate deception towards Texans regarding the nationality, privacy, and security capabilities of its networking devices is not just illegal—it is also a national security threat that enables the secret surveillance and exploitation of Texas consumers.”

Federal Agencies Sound the Alarm

The Texas lawsuit comes amid growing federal scrutiny of TP-Link’s security practices. The Cybersecurity and Infrastructure Security Agency (CISA) currently lists half a dozen TP-Link security flaws in its catalog of actively exploited vulnerabilities. Additionally, reports emerged in December 2024 that the U.S. government was considering banning TP-Link routers entirely, with the Departments of Justice, Commerce, and Defense investigating the company’s practices.

When contacted by BleepingComputer, TP-Link defended its practices, telling The Record that the allegations are “without merit.” The company maintains that neither the Chinese government nor the Chinese Communist Party exercises control over its operations, products, or user data. TP-Link also claims that all U.S. user data is stored on domestic Amazon Web Services servers.

Seeking Civil Penalties and Transparency

Texas Attorney General Paxton is seeking civil monetary penalties and injunctions that would require TP-Link to disclose the Chinese origins of its devices and stop collecting consumer data without informed consent. The lawsuit represents part of a broader crackdown on Chinese technology companies operating in the United States, particularly those in the telecommunications and networking sectors.

The timing of the lawsuit is significant, coming just weeks after Texas filed similar actions against major television manufacturers—including Sony, Samsung, LG, and Chinese companies Hisense and TCL Technology Group Corporation—accusing them of secretly collecting user data through Automated Content Recognition technology.

National Security Implications

The TP-Link case highlights the complex intersection of consumer technology, national security, and international trade relations. As more American households rely on connected devices for internet access, concerns about foreign government access to personal data and critical infrastructure have intensified.

Security experts note that routers are particularly attractive targets for hackers because they serve as gateways to home networks, potentially providing access to computers, smartphones, smart home devices, and personal information. The fact that TP-Link devices have been repeatedly exploited by state-sponsored actors raises serious questions about the company’s security practices and its ability to protect American consumers.

The lawsuit also underscores the challenges facing U.S. regulators in addressing security risks posed by foreign technology companies, particularly those with ties to countries with different legal and regulatory frameworks regarding data privacy and government access to corporate systems.

What’s at Stake

Beyond the immediate legal implications for TP-Link, the case could have far-reaching consequences for the networking equipment industry and consumer technology sector. If Texas succeeds in its lawsuit, it could set a precedent for how states regulate foreign technology companies operating in the U.S. and how companies must disclose their supply chain relationships and data practices.

For consumers, the case raises important questions about the security of their home networks and the extent to which they can trust manufacturers’ claims about privacy and data protection. It also highlights the need for greater transparency in the technology supply chain and more robust security standards for connected devices.

As the legal proceedings unfold, the tech industry and cybersecurity community will be watching closely to see how this case develops and what it might mean for the future of technology regulation, international trade, and national security in an increasingly connected world.

Tags: Texas lawsuit, TP-Link, Chinese hackers, national security, router vulnerabilities, Quad7 botnet, Ken Paxton, cybersecurity, supply chain security, data privacy, Chinese Communist Party, U.S. technology regulation

Viral Sentences:

• “TP Link will face the full force of the law for putting Americans’ security at risk.”
• “Let this serve as a clear warning to any Chinese entity seeking to compromise our nation’s security.”
• “This is not just illegal—it is also a national security threat.”
• “The Lone Star State we will always put Texas and America First.”
• “Secret surveillance and exploitation of Texas consumers.”
• “U.S. government was considering banning TP-Link routers entirely.”
• “Chinese state-backed hackers to exploit vulnerabilities in its devices.”
• “Deliberate deception towards Texans regarding the nationality, privacy, and security capabilities.”
• “Half a dozen TP-Link security flaws in its catalog of actively exploited vulnerabilities.”
• “Massive network of compromised home and small-business routers linked to Chinese threat actors.”

,