US court hits Israeli spyware firm NSO with $167m fine over Pegasus abuses

A federal jury in California has ordered Israeli surveillance firm NSO Group to pay Meta $167 million in punitive damages, marking the first time a court has imposed financial liability on a spyware vendor for abuses linked to its software.

The ruling sends a strong signal that private firms profiting from invasive surveillance technology will not be shielded by their association with government clients. After a single day of deliberation, jurors found that NSO had acted with “malice, oppression or fraud” in deploying its Pegasus spyware against 1,400 WhatsApp users.

Pegasus, which grants near-total access to a target’s device, including microphones, cameras and encrypted messages, was used not against criminals, but journalists, human rights defenders and political dissidents. Meta, which owns WhatsApp, described the hacking as “despicable” and a clear violation of privacy rights.

NSO has long claimed that its spyware is sold only to vetted state clients for national security purposes. However, investigations have shown Pegasus being deployed to facilitate transnational repression by authoritarian regimes.

The previous US administration blacklisted NSO over its role in such abuses, making it the first company added to the US entity list for enabling state surveillance. The jury’s decision is expected to add pressure on Washington to further regulate the commercial spyware sector.

While the financial penalty may prove difficult to collect, the judgement itself sets a precedent: spyware firms can be held directly accountable in US courts, regardless of the state affiliations of their customers.

In doing so, the case reframes digital privacy not merely as a user expectation, but as a civil right  and signals that the impunity long enjoyed by private surveillance actors is coming to an end.