Pegasus spyware maker NSO Group is liable for attacks on 1,400 WhatsApp users

NSO Group, the organization behind the Pegasus spyware, has been found liable in a lawsuit brought by Meta’s WhatsApp over attacks on about 1,400 devices, as reported by The Record.

WhatsApp originally filed the suit in 2019, and investigations have found that Pegasus has been used to hack phones belonging to groups like activists, journalists, and government officials.

NSO Group is liable for charges of violation of the Computer Fraud and Abuse Act, violation of the California Comprehensive Computer Data Access and Fraud Act, and breach of contract, according to today’s ruling. A trial will now move forward “only on the issue of damages.” The spyware maker has argued that it isn’t liable because Pegasus was operated by clients investigating crimes and cases of national security but the judge rejected those arguments, which could establish a precedent for other companies in the same business.

“This ruling is a huge win for privacy,” Will Cathcart, the head of WhatsApp, says in a Threads post. “We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions. Surveillance companies should be on notice that illegal spying will not be tolerated.”

NSO Group didn’t immediately reply to a request for comment.