Texas Attorney General Ken Paxton has launched an investigation into a China-founded network equipment maker over potential violations of state law, alleging that the company may have shared consumer data with China’s communist regime.

Paxton announced the investigation against TP-Link Systems on Oct. 6. His office explained that the inquiry will look into whether the California-headquartered company, a spin-off from China’s TP-Link located in the southern Chinese city of Shenzhen, has “misled consumers about the degree of its independence from the Chinese.”

According to the company’s website, TP-Link Systems “no longer has any affiliation” with Shenzhen-headquartered TP-LINK Technologies, following their separation that began in 2022 and was completed in 2024.

In addition to concerns about the company’s ownership structure, Paxton’s office said the investigation will examine whether TP-Link products contain vulnerabilities—such as back doors—that could allow Beijing to access “consumers’ network traffic and run bot networks.”

The investigation will also determine whether the company’s products “improperly collect or disclose consumer data in violation of Texas privacy law,” the attorney general’s office stated.

“If Big Tech is giving Chinese communists access to Americans’ data, there is no question that they’re using that data against us,” Paxton said in a statement.

“I will not allow any company to sell us out to our greatest geopolitical enemy. If TP Link is violating Texas law and jeopardizing Americans, my office will do everything in our power to hold them accountable.”

Paxton’s office said the investigation became necessary after TP-Link “failed to provide an adequate response” to its warnings in May.

In May, Paxton issued formal warnings to several companies that he described as affiliated with the Chinese Communist Party (CCP), including TP-Link, and gave them 30 days to comply with the Texas Data Privacy and Security Act. This action was part of Paxton’s data privacy and security initiative that he launched in June 2024.

In response to an email inquiry from The Epoch Times, TP-Link Systems dismissed Paxton’s concerns and stated that it is “prepared to cooperate fully with the Attorney General.”

“TP-Link complies with U.S. laws, including state privacy laws, and is 100 [percent] committed to its U.S. customers. TP-Link is not affiliated with the Chinese government, nor does it share U.S. user data with the Chinese government,” TP-Link Systems stated.

TP-Link Ties Probed

In May, a bicameral group of 17 Republican lawmakers, led by Sen. Tom Cotton (R-Ark.) and Rep. Riley Moore (R-W.Va.), sent a letter to Commerce Secretary Howard Lutnick, urging him to ban further sales of TP-Link products in the United States.

“TP-Link’s deep ties to the [CCP], use of predatory pricing to eliminate trusted U.S. alternatives, and role in embedding foreign surveillance and destructive capabilities into our networks render it a clear and present danger,” they stated in the letter.

In April, a group of Republican House members, led by Rep. August Pfluger (R-Texas), sent a letter to Federal Communications Commission chairman Brendan Carr, urging him to use the Council for National Security that he had established a month earlier to mitigate cybersecurity risks associated with unsecured networks.

Their letter suggested that the Federal Communications Commission take the immediate action of “prohibiting any new sales of TP-Link routers.”

“Multiple TP-Link routers have been added as to the National Institute of Science (NIST) National Vulnerability Database for containing a directory traversal vulnerability, allowing unauthenticated remote attackers to access sensitive files by sending specially crafted requests,” the April letter reads.

In March, Rob Joyce, former cybersecurity director at the National Security Agency, stated that TP-Link routers were “among the various brands exploited by Chinese state-sponsored hackers in the massive Volt, Flax, and Salt Typhoon attacks,” according to his written testimony provided to the House Select Committee on the CCP for a hearing in March.

China’s cyberthreat groups have repeatedly targeted the United States in recent years, with Volt Typhoon and Flax Typhoon targeting U.S. critical infrastructure and Salt Typhoon hitting U.S. telecommunication networks.

Joyce noted that TP-Link has gained a significant share of the U.S. retail market for Wi-Fi systems and home office routers.

“Imagine these routers in the homes and businesses across America as a PRC platform to launch society-panicking cyber attacks during an invasion of Taiwan,” he said, using the acronym for China’s official name under the CCP, the People’s Republic of China.

“We cannot have the software for these prolific devices be written, updated, and controlled by a Chinese company,” Joyce said. “By law, such a company is subject to the direction of the PRC Intelligence apparatus. This is a threat we cannot ignore.”