Texas Sues TP-Link Over Alleged Chinese Hacking Risks and Consumer Deception
Texas Sues TP-Link Over Alleged Chinese Hacking Risks and Consumer Deception
- 60% of MD5 Password Hashes Can Be Cracked in Under an Hour with a Single GPU
- Dirty Frag: Root Access on Every Major Linux Distribution — No Patch, No Warning
- Ubuntu 26.04 LTS (Resolute Raccoon): The Most Ambitious Ubuntu LTS in a Decade
- Proton Mail: Data Transferred to FBI Again!
- How Close Are Quantum Computers to Breaking RSA-2048?
- How to Prevent Ransomware Infection Risks?
- What is the best alternative to Microsoft Office?
Texas Sues TP-Link Over Alleged Chinese Hacking Risks and Consumer Deception
February 19, 2026
Texas Attorney General Ken Paxton has filed a lawsuit against TP-Link Systems Inc., the California-based American arm of the global networking equipment giant, accusing the company of deceptively marketing its products while enabling Chinese state-sponsored actors to access consumers’ devices inside their homes.
The suit alleges that TP-Link deceptively marketed its networking devices and allowed the Chinese Communist Party to access American consumers’ devices, despite the company’s repeated public assurances of privacy and security.
The First of Several
Paxton announced the TP-Link lawsuit as the first in a series of legal actions his office is planning to file against Chinese companies that he claims have wronged Texans. He framed the effort as “a coordinated effort to hold China accountable under Texas law,” declaring, “TP-Link will face the full force of the law for putting Americans’ security at risk. Let this serve as a clear warning to any Chinese entity seeking to compromise our nation’s security.”
What the Lawsuit Alleges
The lawsuit follows an investigation launched in October 2025 and claims that TP-Link misled buyers by labeling its products “Made in Vietnam” while sourcing nearly all components from China. Under Chinese law, this supply-chain connection matters significantly: the lawsuit argues that the company’s ownership and supply-chain ties to China place it under PRC “national data” laws, which require Chinese firms and citizens to assist regime intelligence services by turning over data collected on American users.
Paxton’s office cited a May 2023 report from Check Point Research, which alleged that Camaro Dragon hacking campaigns — conducted by a Chinese state-sponsored hacking entity — were enabled by TP-Link firmware vulnerabilities. Federal agencies have previously flagged actively exploited flaws in TP-Link hardware, and CISA currently lists half a dozen TP-Link security vulnerabilities in its catalog of known exploited flaws.
The lawsuit claims TP-Link controls approximately 65 percent of the American market for network devices, making the security concerns particularly far-reaching.
Paxton is seeking civil monetary penalties and injunctions that would require TP-Link to disclose the Chinese origins of its devices and stop collecting consumer data without informed consent.
State-Level Actions Against TP-Link
Governor Greg Abbott recently updated the state’s list of prohibited technologies for state employees and state devices to include TP-Link, effectively banning state use of the company’s products. This follows a broader pattern of US government scrutiny: in December 2024, the US government was reportedly considering banning TP-Link routers, with the Departments of Justice, Commerce, and Defense investigating the issue, and at least one Commerce Department office having subpoenaed the company. The Trump administration has since put that proposed nationwide sales ban on hold amid broader US-China trade negotiations.
TP-Link Pushes Back
TP-Link firmly denied the allegations. A TP-Link spokesperson said the Texas Attorney General’s allegations are “without merit and will be proven false,” stating that neither the Chinese government nor the CCP exercises control over the company, its products, or user data. The spokesperson added that the company’s founder and CEO, Jeffrey Chao, resides in Irvine, California, and has never been a member of the CCP, and that all US user data is stored securely on Amazon Web Services servers.
Broader Context
A day after the TP-Link lawsuit, Paxton filed a second action targeting Anzu Robotics LLC, an Austin-based drone company accused of acting as a front for blacklisted Chinese drone manufacturer DJI. Together, these filings signal an aggressive new phase of state-level action on Chinese technology companies — one that legal experts say reflects a shift in how cybersecurity risks are being framed. According to one risk officer at a cybersecurity firm, “security representations are increasingly being evaluated as consumer protection and disclosure issues, not merely technical ones — a shift already visible in FTC enforcement actions and SEC disclosure mandates, and now extending into state-level litigation.”
Whether the Texas courts can meaningfully compel a company with deep ties to China remains an open question. One expert noted that while using deceptive business practices law is a “clever way of tackling this problem,” it is hard to envision any scenario where a Texas court order would be respected in China. Still, the lawsuit adds significant legal and reputational pressure on TP-Link at a critical moment in US-China technology tensions.
This article is based on reporting from the Texas Attorney General’s Office, BleepingComputer, The Record, The Register, StateScoop, and Texas Scorecard.
