A federal judge just delivered a mixed victory for Meta's WhatsApp in its six-year legal battle against Israeli spyware maker NSO Group. While the court granted a permanent injunction blocking NSO from ever targeting WhatsApp users again, it dramatically slashed the company's damages payment from $167 million to just $4 million - a 97% reduction that highlights the complex legal terrain surrounding cybersecurity enforcement.
The gavel came down Friday in what Meta is calling a long-overdue victory against one of the world's most controversial spyware companies. U.S. District Judge Phyllis Hamilton's ruling permanently bars NSO Group from targeting WhatsApp users - but the financial penalty tells a different story about how courts handle cybersecurity violations.
The case traces back to 2019, when NSO Group's Pegasus spyware infiltrated more than 1,400 WhatsApp accounts worldwide. The targets weren't random - they included human rights activists, journalists, and civil society leaders across multiple continents. Meta sued NSO Group that same year, kicking off a legal marathon that would test the boundaries of accountability in the spyware industry.
Earlier this year, a jury sided decisively with WhatsApp, awarding $167 million in damages according to TechCrunch reporting. That figure reflected both compensatory damages and a hefty punitive component designed to deter future violations. But Judge Hamilton's Friday ruling reveals how differently courts can interpret the same evidence.
The judge capped punitive damages at a 9-to-1 ratio because the court "did not have enough evidence to determine that NSO Group's behavior was 'particularly egregious,'" according to court documents filed Friday. That legal standard - requiring proof of particularly egregious conduct for higher punitive ratios - effectively reduced NSO's payment to around $4 million.
The dramatic reduction highlights a persistent challenge in cybersecurity litigation: proving intent and egregiousness when dealing with companies that operate in legal gray areas. NSO Group has long maintained that its tools are designed for legitimate government surveillance of criminals and terrorists, not civil society targeting.
"We applaud this decision that comes after six years of litigation to hold NSO accountable for targeting members of civil society," WhatsApp Head Will Cathcart told Courthouse News Service. His statement emphasizes the injunction over the reduced damages, framing the outcome as a protection victory rather than a financial one.
