Texas Sues TP-Link Over Alleged Chinese Hacking Risks and User Deception

Post Views: 77

Texas Sues TP-Link Over Deceptive Marketing Practices

The state of Texas has filed a lawsuit against TP-Link Systems, a prominent manufacturer of networking equipment, alleging that the company has engaged in deceptive marketing practices by claiming its routers are secure while allowing Chinese state-sponsored hackers to exploit vulnerabilities in the devices’ firmware.

Allegations of Misleading Consumers

The lawsuit, which was announced by Texas Attorney General Paxton, claims that TP-Link has misled consumers by labeling its products as “Made in Vietnam” when, in reality, nearly all of the components used in the devices are sourced from China.

According to the lawsuit, this is a significant issue because Chinese law requires companies with ties to the Chinese supply chain to cooperate with government intelligence requests and hand over user data. Paxton stated that the lawsuit is part of a broader effort to hold companies accountable for compromising national security. “We will always put Texas and America first,” he said. “TP-Link will face the full force of the law for putting Americans’ security at risk.”

History of Security Failures

The lawsuit highlights a history of security failures by TP-Link, including the exploitation of firmware vulnerabilities by Chinese hacking groups and the use of the company’s routers in a large-scale credential-theft botnet.

This botnet, which was tracked by Microsoft in October 2024, was built using hacked home and small-business routers, primarily TP-Link devices, and was operated by Chinese threat actors.
Despite claims of prioritizing privacy and security, TP-Link’s products have been used by the Chinese government to conduct secret surveillance and exploitation of consumers.

Response from TP-Link

In response to the allegations, a TP-Link spokesperson stated that the claims are “without merit” and that the Chinese government does not exercise control over the company, its products, or user data.

The spokesperson also claimed that all U.S. user data is stored on domestic Amazon Web Services servers.

Previous Scrutiny and Investigations

Federal agencies have previously flagged actively exploited flaws in TP-Link hardware, and the Cybersecurity and Infrastructure Security Agency (CISA) currently lists several TP-Link security flaws in its catalog of vulnerabilities known to be exploited in attacks.

In December 2024, the U.S. government was reportedly considering banning TP-Link routers, and the company has been the subject of investigations by the U.S. Departments of Justice, Commerce, and Defense.

Previous Lawsuit

This lawsuit is not the first time that TP-Link has faced scrutiny over its security practices. In December 2025, the Texas Attorney General sued several major television manufacturers, including TP-Link, for secretly collecting user data using Automated Content Recognition (ACR) technology.