Who were the primary targets of the banned Israeli spyware and what data was compromised?

1. Who were the primary targets — the investigative record

Researchers, victims and courts repeatedly identify civil-society figures as core targets: journalists, lawyers, human-rights defenders and diplomats appear across forensic reports and litigation. Meta’s lawsuit accused NSO of targeting “journalists, lawyers and human rights activists” and evidence at trial led a judge to enjoin NSO from targeting WhatsApp users ^{[5] [4]}. Citizen Lab and the Associated Press linked Paragon/Graphite use to prominent European journalists and editors, saying the spyware was used against at least three journalists in Europe ^[2].

2. What data and device functions were compromised — technical impact

When deployed successfully, these tools can take over a phone — extracting texts and photos, tracking location, turning on microphones and cameras, and harvesting data from encrypted messaging apps by accessing the device before or after app-level encryption ^{[3] [1]}. Meta’s case described Pegasus exploiting WhatsApp to silently install spyware that extracted user data and allowed remote control of devices ^[6]. Reports expressly note the ability to “open and read information held on encrypted applications, like WhatsApp or Signal” ^[3].

3. Collateral victims and network effects

Reporting and advocacy pieces emphasise that people can be targeted indirectly because of who they communicate with: contacts of a primary target — friends, family, colleagues — can become “collateral” victims, multiplying the number of compromised phones beyond the intended list ^{[7] [2]}. Amnesty, Forbidden Stories and others have chronicled broad lists of affected numbers submitted for hacking and have warned of widespread reach ^{[8] [9]}.

4. Scale and specific figures cited in reporting and court filings

Meta and related coverage cite concrete tallies: the WhatsApp litigation alleged the spyware compromised the privacy of about 1,400 activists, journalists and diplomats via WhatsApp servers in 2019; earlier jury findings initially awarded Meta $168 million before a judge reduced it ^{[4] [1]}. The Associated Press reported Paragon’s Graphite was used to target around 90 WhatsApp users across more than two dozen countries, primarily in Europe, according to Meta ^[2].

5. Corporate claims and government oversight — competing narratives

NSO and some vendors assert they sell spyware only to vetted government law‑enforcement and counterterrorism customers and deny being “tools” of states or having backdoors; critics and courts counter that proof shows redesigns to evade detection and that customers misused the tools to target civil‑society ^{[5] [1]}. Amnesty and other watchdogs assert Israeli authorities have hindered transparency and that export controls and oversight have been inadequate given human‑rights risks ^{[9] [10]}.

6. Legal and policy responses to the harms described

U.S. courts have taken concrete steps: a federal judge issued an injunction barring NSO from targeting WhatsApp users, citing “irreparable harm,” and reduced—but did not entirely uphold—the earlier damages award ^{[5] [4]}. U.S. and international scrutiny includes blacklisting and sanctions in previous years and demands from lawmakers for information about U.S. agencies’ use of such tools ^{[3] [11]}.

7. Limits of the available reporting and open questions

Available sources document many high‑profile targets and specific incidents, but do not provide a public, comprehensive list of every person or phone number affected worldwide; detailed attribution of every deployment to particular government clients is often not publicly documented in these sources (available sources do not mention a single, complete public master list of all victims) ^{[2] [1]}. Forensic attribution and secrecy around intelligence procurements limit a complete picture of scope, who authorized specific hacks, and whether state actors beyond named cases had access or oversight ^{[9] [11]}.

8. What to watch next — policy and accountability signals

Courts enjoining vendor access to major platforms (WhatsApp), watchdog reporting (Citizen Lab/AP), and legislative probes of U.S. agency use of foreign spyware indicate continued pressure on vendors and purchasers; these actions may produce more public records and limits on operational deployment, but available reporting shows vendors and some governments continue to contest or defend their practices ^{[6] [2] [11]}.