Monday, May 12, 2025

NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict


A federal jury in California has ordered Israeli spyware maker NSO Group to pay approximately $168 million in damages to WhatsApp.

The verdict, delivered on Tuesday, represents a pivotal victory in the ongoing global battle against commercial cyberespionage and sets a new precedent for the accountability of spyware vendors.

The ruling concludes a six-year legal saga between Meta Platforms, the parent company of WhatsApp, and NSO Group, which had used its Pegasus spyware to compromise devices of the messaging app’s users worldwide.


At the heart of the dispute were revelations that Pegasus exploited a ‘zero-click’ vulnerability, enabling the compromise of phones without any action required by the user.

This gave attackers unprecedented access to messages, emails, calls, and even cameras and microphones, putting the privacy of about 1,400 individuals, including journalists, human rights defenders, and government officials across 20 countries, at grave risk.

WhatsApp first filed suit in 2019 after detecting the hacks. The jury awarded $444,719 in compensatory damages to cover WhatsApp’s costs in patching the exploited flaws and a further $167.3 million in punitive damages, designed to deter similar acts of unlawful surveillance in the future.

This landmark decision follows an earlier December ruling by Judge Phyllis Hamilton, who declared that NSO Group had violated anti-hacking statutes and breached WhatsApp’s terms of service.

Meta quickly hailed the jury’s decision as a “significant advancement for privacy and security,” emphasizing it as the first major judicial triumph over the use of unlawful spyware.

WhatsApp’s head, Will Cathcart, described the outcome as a “critical deterrent to the spyware industry against their unlawful activities directed at American companies and our global users.”

The case also served to shine a rare spotlight on the commercial spyware industry. Testimony during the trial revealed that NSO charged its government clients millions to hack target devices and continued updating Pegasus even after WhatsApp patched vulnerabilities and launched its lawsuit.

NSO Group, meanwhile, has maintained that its technology is intended to combat crime and terrorism, and has stated that it plans to appeal the verdict.

The company argues that the jury was not permitted to consider evidence showing alleged legitimate use of Pegasus by government agencies.

Legal experts and human rights advocates say the verdict is a watershed moment, setting a crucial precedent for how courts might hold spyware vendors accountable for privacy abuses.

Meta has announced it will donate any collected damages to organizations working to defend against spyware threats.

As the global spyware industry expands, this decision is expected to shape the debate on surveillance, privacy, and the obligations of technology companies for years to come.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
