A former member of the European Parliament was infected with Pegasus spyware on at least two occasions while serving on the parliamentary committee charged with investigating the technology’s abuse, according to a report published Friday by the Citizen Lab.

Stelios Kouloglou, who represented Greece in the European Parliament from 2015 to 2024, had his phone compromised in October 2022 and again in March 2023. Both infections occurred during critical phases of the so-called PEGA Committee’s work, with the first attack arriving less than a week before a series of major committee hearings and a draft report release. The second infection coincided with intense internal deliberations over the committee’s final recommendations, which were ultimately published in May 2023.

Shared Infrastructure Links to Broader Campaign

Citizen Lab researchers assess that the same Pegasus operator is responsible for both the Kouloglou infections and a separate cluster of attacks disclosed in a May 2024 report. Those earlier incidents targeted seven Russian and Belarusian-speaking journalists and opposition figures between August 2020 and January 2023. A specific email identifier used against Kouloglou was also deployed in those attacks during the same timeframe. Because such identifiers are unique to individual operators, Citizen Lab concluded that the same government customer is likely responsible for both sets of intrusions.

The researchers also noted that only certain Pegasus customers hold licenses permitting operations across multiple countries, narrowing the pool of potential culprits. Kouloglou himself believes the Greek government was responsible, though Citizen Lab stated it has no evidence supporting that attribution. Greece has been involved in a separate spyware controversy, but that case involved tools from Intellexa rather than NSO Group’s Pegasus.

Missed Alerts and Institutional Inaction

Kouloglou brought his device to Citizen Lab for analysis in May 2026. Researchers found evidence that he had received three Apple threat notifications warning of potential spyware activity over recent years, none of which he reported seeing.

Citizen Lab researcher John Scott-Railton warned the problem is far from contained. “I would bet that there are members of the European Parliament today walking around with no idea that their phone in their pocket has been turned into a spy,” he said.

Hannah Neumann, a German Green Party MEP who served as the PEGA Committee’s lead negotiator, described the incident as an attack on democratic oversight itself. “It shows a total disregard for Parliamentarians’ role to scrutinize and, as such, for European democracy,” she said. Neumann also expressed frustration that the European Commission has largely ignored the committee’s 2023 recommendations, attributing the inaction to member states’ reluctance to curtail spyware tools used in intelligence and law enforcement contexts.

Personal and Legal Fallout

Kouloglou, a longtime investigative journalist before his parliamentary career, said the compromised device held fifteen years of personal and professional communications, including exchanges with heads of government, political party leaders, and journalists. He has stated his intention to sue NSO Group. NSO Group did not respond to requests for comment.

The episode reinforces longstanding concerns that commercial spyware is being turned against the institutions meant to regulate it, and that existing notification mechanisms are insufficient to protect high-risk targets.