Texas has sued networking equipment company TP-Link Systems, accusing it of allowing the Chinese Communist Party to hack into consumers’ devices while marketing its products as secure and private. Attorney General Ken Paxton announced the lawsuit this week, describing it as the first in a series of actions to be filed this week against companies with ties to the CCP. In a press release seen by The Record, Paxton’s office wrote, “With nearly all of its products’ parts imported from China, TP-Link’s deliberate deception towards Texans regarding the nationality, privacy, and security capabilities of its networking devices is not just illegal—it is also a national security threat that enables the secret surveillance and exploitation of Texas consumers.”
What Texas AG Ken Paxton said about TP-Link routers
Paxton alleged that TP-Link markets its products as secure and privacy-protective, while Chinese state-sponsored hacking groups have used them to mount cyberattacks against the US. His office cited a May 2023 report by Check Point Research alleging that Camaro Dragon, a Chinese state-sponsored hacking entity, ran campaigns exploiting vulnerabilities in TP-Link firmware.Security consultant John Bambenek told Recorded Future News that the US intelligence community has raised similar concerns about TP-Link devices potentially enabling Chinese government espionage. However, he was skeptical that the lawsuit would have a meaningful impact. “Using deceptive business practices seems to be a clever way of tackling this problem, but I am hard-pressed to see any scenario [where] any order by a Texas court would be respected in China,” Bambenek said.Nakul Goenka, a risk officer at the security company ColorTokens, framed the lawsuit as part of a shift in how cybersecurity is regulated. “Security representations are increasingly being evaluated as consumer protection and disclosure issues, not merely technical ones — a shift already visible in FTC enforcement actions and SEC disclosure mandates and now extending into state-level litigation. The key legal question is not whether a vulnerability exists but whether a company’s public statements about privacy, security, and product origin accurately reflect the underlying risk,” Goenka noted.In December 2025, Paxton sued Chinese television manufacturers Hisense and TCL, alleging that their devices capture what consumers watch in real time and could be allowing that data to be harvested by China.
What TP-Link said about the Texas lawsuit
A TP-Link spokesperson called the lawsuit “without merit and will be proven false,” and added the company is an independent American company with core operations and infrastructure located entirely within the United States. All US users’ networking data is stored on Amazon Web Services servers, the statement noted, and the company’s founder and CEO lives in California. “We will continue to vigorously defend our reputation as a trusted provider of secure connectivity for American families,”the spokesperson continued.
