TP-Link controls 65% of the US home and small business router market — and federal investigators say Chinese state-sponsored hackers have been using those devices as a covert proxy network to attack US infrastructure. Now Texas is suing. A federal ban may be next. If you have a TP-Link router on your network, this one's urgent.
Texas Attorney General Ken Paxton filed a lawsuit against TP-Link Technologies Co., Ltd. and its US subsidiary, alleging violations of the Texas Deceptive Trade Practices Act. The suit claims TP-Link knowingly sold routers and networking equipment containing serious, unpatched security vulnerabilities while marketing the products as secure and reliable. The AG's office alleges that TP-Link had significant ties to its Chinese parent company, creating a pathway for Chinese government-affiliated actors to access devices deployed in US homes and businesses. The lawsuit also alleges that TP-Link's marketing materials and website representations made affirmative claims about device security that were materially false or misleading.
The Texas lawsuit follows a broader federal investigation into TP-Link that has been underway since late 2024. The US Departments of Commerce, Defense, and Justice have all been examining TP-Link's ties to Chinese state-sponsored hacking groups. In December 2024, Microsoft's threat intelligence team published a report linking a network of compromised TP-Link routers to a Chinese hacking group tracked as Volt Typhoon — a state-sponsored actor known for targeting US critical infrastructure. The compromised routers were used as a proxy network to disguise the origin of attacks against US defense contractors, utilities, and government agencies. TP-Link devices account for approximately 65% of the US home and small business router market, making the potential scale of exposure significant.
Beyond the security vulnerability allegations, the Texas AG's suit focuses heavily on consumer deception. The complaint alleges that TP-Link's marketing materials, product packaging, and website representations made affirmative claims about device security that were materially false or misleading. Specifically, the suit cites TP-Link's claims of "enterprise-grade security," "advanced threat protection," and "regular security updates" as deceptive given the company's alleged failure to patch known vulnerabilities in a timely manner. The AG also alleges that TP-Link failed to adequately disclose the extent of data collection performed by its companion mobile apps and cloud services, including the transmission of network usage data to servers in China.
If your business uses TP-Link routers, access points, or switches, this lawsuit and the underlying federal investigation should prompt an immediate security review. The core concern is twofold: first, unpatched vulnerabilities in TP-Link firmware that could allow attackers to compromise your network perimeter; second, the potential for data exfiltration through TP-Link's cloud services and the risk of Chinese government access to device telemetry. For businesses handling sensitive data — including healthcare organizations subject to HIPAA, businesses handling payment card data under PCI DSS, or DoD contractors under CMMC — the risk calculus strongly favors replacing TP-Link equipment with alternatives from vendors with a clearer security track record.
Segler.Net recommends the following steps for any business currently using TP-Link networking equipment. First, inventory all TP-Link devices on your network — routers, access points, switches, and any other TP-Link hardware. Second, update all TP-Link firmware to the latest available version immediately. Third, change all default administrator credentials and disable remote management features unless required. Fourth, review your TP-Link app and cloud account settings and disable any data sharing or cloud management features you do not actively use. Fifth, evaluate replacing TP-Link devices with alternatives — Ubiquiti, Netgear Business, Cisco Meraki, or Fortinet are all viable options depending on your budget and requirements. Segler.Net can assist with network equipment assessment and replacement planning.
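As an added example (not code from Segler.Net or TP-Link), the inventory in the first step can be started from a Linux host by matching neighbor-table MAC addresses against an IEEE `oui.txt`-style vendor registry. The registry excerpt and `ip neigh` output below are constructed samples with placeholder prefixes, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout of the IEEE oui.txt registry.
# Prefixes are placeholders, not real assignments; load the real file in practice.
SAMPLE_OUI = """\
10-00-00   (hex)\t\tTP-LINK TECHNOLOGIES CO.,LTD.
20-00-00   (hex)\t\tExample Networks Inc.
"""

# Constructed `ip neigh` output from a host on the LAN.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 10:00:00:aa:bb:01 REACHABLE
192.168.1.20 dev eth0 lladdr 20:00:00:aa:bb:02 STALE
192.168.1.31 dev eth0 lladdr 10:00:00:aa:bb:03 STALE
192.168.1.45 dev eth0 lladdr 3a:5f:10:aa:bb:04 REACHABLE
192.168.1.50 dev eth0  FAILED
"""

OUI_LINE = re.compile(
    r"^([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.+)$", re.I)
NEIGH_LINE = re.compile(
    r"^(\S+)\s.*\blladdr\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def load_oui(text):
    """Map 6-hex-digit prefix -> registered organisation name."""
    table = {}
    for line in text.splitlines():
        m = OUI_LINE.match(line.strip())
        if m:
            table["".join(m.group(1, 2, 3)).upper()] = m.group(4).strip()
    return table

def inventory(neigh_text, oui, vendor="tp-link"):
    """Return (vendor matches, hosts whose MAC cannot be attributed by OUI)."""
    matches, unattributable = [], []
    for line in neigh_text.splitlines():
        m = NEIGH_LINE.match(line)
        if not m:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        ip, mac = m.group(1), m.group(2).lower()
        if int(mac[:2], 16) & 0x02:
            # Locally administered (often randomized) MAC: no vendor lookup possible
            unattributable.append((ip, mac))
            continue
        org = oui.get(mac.replace(":", "")[:6].upper(), "")
        if vendor in org.lower():
            matches.append((ip, mac, org))
    return matches, unattributable
```

A neighbor table lists only devices on the local segment, so run the check from each VLAN or subnet and verify the unattributable entries by hand.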