Texas AG Sues Wi-Fi Company over Links to China

MCKINNEY, Texas (CN) — Texas Attorney General Ken Paxton filed a lawsuit Tuesday against Wi-Fi giant TP-Link Systems Inc., accusing it of deceiving consumers about its ties to China and misrepresenting its devices’ security.

In 2024, China-based technology company TP-Link split into two separate entities, with the U.S.- based TP-Link Systems Inc. taking over the global operations, while TP-LINK Technologies Co. Ltd. maintained control of TP-Link’s operations in China. In a petition filed in Collin County District Court, Paxton says that since the split, TP-Link Systems Inc. has represented that its products are produced in Vietnam and don’t have any ties to China, which Paxton says misleads consumers in violation of the Texas Deceptive Trade Practices Act.

“Behind TP-Link’s ‘Made in Vietnam’ stickers is a supply chain deeply entrenched in China, where nearly all of TP-Link’s components are sourced before being shipped to Vietnam for mere final assembly,” Paxton writes in the complaint. “TP-Link has created a web of deception that includes shared manufacturing, research, and Chinese state-sponsored benefits, with the company’s leadership acknowledging accolades and subsidies from the Chinese government. By masking its Chinese connections, TP-Link has exposed millions of consumers to severe cybersecurity risks, including firmware vulnerabilities exploited by Chinese hacking groups. Instead of the secure doorway consumers expect, TP-Link devices are an open window for Chinese-sponsored threat actors and Chinese intelligence agencies.”

A substantial portion of American homes use TP-Link Wi-Fi routers. Some reports indicate the company holds at least 60% of the U.S. retail market, but TP-Link Systems Inc. itself claims the number is actually 36.6%. Paxton claims the company has made false representations about the security of its devices.

“Security experts and researchers have reported on TP-Link’s numerous and dangerous firmware vulnerabilities for years, as Chinese state-sponsored hackers exploited these vulnerabilities to access American consumers’ networks, data, and devices,” Paxton writes. “Despite these faults, TP-Link’s websites, blogs, and advertisements continue to insist its products maintain consumers’ privacy and security in totality.”

Paxton also accuses TP-Link Systems Inc. of failing to disclose that, under Chinese law, it is obligated to share consumers’ personal data it collects from apps used to operate its networking and smart home devices with the Chinese government. This claim mirrors claims Paxton made in lawsuits filed in December against smart TV makers Hisense and TCL, which are partially owned by the Chinese government. Paxton also accused those companies of failing to inform consumers that they were obligated to share their data with the Chinese government.

In the lawsuit, Paxton notes that Texas Governor Greg Abbott recently added TP-Link to a list of prohibited technologies for state employees and devices.

Paxton seeks civil monetary penalties against TP-Link Systems Inc. as well as temporary and permanent injunctions requiring the company to represent its networking and smart home devices as “Made in China” rather than Vietnam, to cease representing to Texas consumers that its products are secure and to not collect, use or disclose consumers’ data without their informed consent.

Paxton said in a statement announcing the lawsuit that it is the first in a series of lawsuits his office will file this week against “CCP-aligned companies.”

“TP-Link will face the full force of the law for putting Americans’ security at risk,” Paxton said in the statement. “Let this serve as a clear warning to any Chinese entity seeking to compromise our nation’s security.”

In a statement to Courthouse News Service, a spokesperson for TP-Link Systems Inc. said the claims in the lawsuit “are without merit and will be proven false.”

“TP-Link Systems Inc. is an independent American company,” the spokesperson said. “Neither the Chinese government nor the CCP exercises any form of ownership or control over TP-Link, its products, or its user data. TP-Link’s founder and CEO, Jeffrey Chao, resides in Irvine, CA, and is not and never has been a member of the CCP. To ensure the highest level of security, our core operations and infrastructure are located entirely within the United States, and all U.S. users’ networking data is stored securely on Amazon Web Services servers. We will continue to vigorously defend our reputation as a trusted provider of secure connectivity for American families.”