Huawei was able to eavesdrop on all conversations taking place on one of the Netherlands' largest mobile networks, according to a Dutch newspaper report.
Huawei staff both in the Netherlands and in China were able to eavesdrop on all mobile numbers on the KPN network, according to an internal report from 2010, including then Prime Minister Jan Peter Balkenende and Chinese dissidents living in the Netherlands.
The allegation will raise fresh fears over the use of the Chinese company's technology in mobile networks around the world.
The report, which was obtained by Dutch newspaper de Volkskrant, suggested that publishing these findings could severely damage KPN's reputation. The operator had 6.5m subscribers at the time.
The report said: "The continued existence of KPN Mobile is in serious danger because permits may be revoked or the government and businesses may give up their confidence in KPN if it becomes known that the Chinese government can eavesdrop on KPN mobile numbers and shut down the network."
The report also found Huawei staff had the ability to decipher which numbers were tapped by Dutch police and intelligence services.
At the time of the security flaw, KPN's network had already been warned by the domestic security service AIVD about the risks of working with Huawei.
However, the telecoms operator asked consulting firm Capgemini to analyse the risks and look into how the Chinese telecoms giant behaved within KPN.
Martijn Rasser, a senior fellow at The Center for a New American Security, said: "What's important about this report is that it validates so much of what security experts have been saying about the risks of a company like Huawei on your networks."
A spokesperson for KPN told Dutch news agency ANP that "it has never been established in all years that customer data was stolen by Huawei from our networks or our customer systems, or that it has been tapped".
The company said if evidence had been found, it would have "certainly informed the appropriate authorities and our customers".
Huawei refuted the claims, saying it had never been held accountable by government authorities for "unauthorised acts" since it began operating in the Netherlands 15 years ago.
It said: "Huawei employees have not had unauthorised access to KPN's network and data, nor have they extracted data from that network. Huawei has at all times worked under the explicit authorisation of KPN."
KPN was one of the first European network operators to remove Huawei from its core 5G mobile network, choosing Swedish firm Ericsson as a replacement last year.
But the network awarded several telecoms contracts to Huawei after the Capgemini report was produced, including to provide elements of KPN's 2G, 3G, and 4G core networks.
Mr Rasser said: "That's extremely significant that the company has swept this under the rug. I would expect Dutch authorities to launch an investigation into this because it's a national security risk for the Netherlands but also the Netherlands is a trusted partner in intelligence with key Western countries.
"It's a NATO ally and if you consider the infrastructure that NATO has within the Netherlands, I would expect NATO leadership to be asking some very hard questions about this as well."
Last year, the UK banned Huawei equipment being used in the country's 5G networks from September 2021, following fears the company's involvement could leave Britain vulnerable to espionage.
- Telegraph Media Group