Back to Blog
LegalTech & IA

£300,000 Fine for Sending 5.5 Million Illegal Texts to Struggling Debtors

NakedPact Editorial Committee
Reviewer: Carmelo G.
Comitato Editoriale NakedPact
July 8, 2026
10 min read
£300,000 Fine for Sending 5.5 Million Illegal Texts to Struggling Debtors

When Spam Preys on the Vulnerable

Imagine being already buried in debt, and then you get a text saying a bailiff is coming to seize your belongings. That's exactly what KRA Consultancy Ltd did—over 5.5 million times. The UK's Information Commissioner's Office (ICO) just hit them with a £300,000 fine for sending illegal direct marketing messages, including fake bailiff texts, to people in financial distress.

This isn't just a slap on the wrist. It's a clear signal that regulators are watching, and they have zero tolerance for spam that exploits the vulnerable.

What Did KRA Consultancy Do Wrong?

KRA Consultancy, a company that offers debt management services, sent millions of unsolicited texts without proper consent. Many of these messages falsely claimed to be from bailiffs or court officials, designed to scare recipients into paying up. The ICO found that KRA had no legitimate basis for sending these messages and had ignored prior warnings.

Think of it like this: you wouldn't walk into a hospital waiting room and start shouting fake emergency alerts to scare patients into buying your products. That's essentially what KRA did, but digitally.

KRA Consultancy was fined for sending over 5.5 million illegal direct marketing texts without consent, including false bailiff messages targeting financially vulnerable people. The ICO deemed this a serious breach of UK privacy laws, leading to the maximum penalty.

In the UK, direct marketing by text or email is governed by the Privacy and Electronic Communications Regulations (PECR) and the UK GDPR. Under PECR, you generally need prior consent to send marketing texts, unless there's an existing customer relationship and you're marketing similar products. KRA had neither.

The ICO can fine up to £500,000 for PECR breaches, or up to 4% of annual turnover under GDPR. This £300,000 fine shows they're not afraid to use their powers.

Lessons for Your Business

If you're doing any kind of direct marketing, here's what to take away:

  • Get proper consent: Don't assume you can buy lists or scrape numbers. Consent must be freely given, specific, informed, and unambiguous.
  • Don't mislead: Fake bailiff texts are obviously illegal, but even exaggerating the consequences of not buying your product can land you in hot water.
  • Respect opt-outs: If someone says stop, you stop. Immediately.
  • Check your data sources: If you're using third-party data, verify it was collected lawfully.

Ignorance is no excuse. The ICO has published clear guidance on direct marketing rules.

Why This Matters Beyond the Fine

This case is a reminder that data protection isn't just about avoiding fines—it's about treating people with respect. The victims here were already struggling, and KRA's tactics added stress and fear. Regulators are increasingly focusing on vulnerable groups, and businesses that prey on them will face severe consequences.

So, before you hit 'send' on that next marketing blast, ask yourself: would I be okay receiving this message if I were in their shoes? If the answer is no, don't send it.

FAQ

What is PECR?

The Privacy and Electronic Communications Regulations (PECR) are UK laws that govern electronic marketing, including texts, emails, and cookies. They require consent for most direct marketing messages.

Can I send marketing texts to existing customers?

Yes, but only if you obtained their contact details in the course of a sale or negotiation, and you're marketing similar products or services. You must also give them an easy way to opt out.

What should I do if I receive spam texts?

Report them to the ICO or your mobile provider. You can also forward spam texts to 7726 (which spells 'SPAM') for free.

✅ Marketing Compliance Checklist

NakedPact Logo

NakedPact Editorial Committee

Article created by the NakedPact editorial team. Our mission is to analyze, simplify, and expose unfair terms and hidden risks in everyday contracts to protect citizens and consumers.

Do you own a website?

Do you own a website?

Want to communicate your data processing transparency to your users? Dynamically use our badge and showcase your platform's compliance.

🛡️ Protect your rights with one click

Don't risk signing abusive clauses. Install the free NakedPact extension for Chrome or Firefox and instantly analyze any contract on the web.

Don't trust, verify.

Now that you know the risks, don't sign blindly. Upload your contract to NakedPact and let AI find the hidden clauses for you. It's 100% free.

Analyze Your Contract Now

Rispettiamo la tua privacy

Usiamo i cookie per migliorare la tua esperienza e personalizzare gli annunci. Scopri di più.

NakedPact Logo

Estensione Chrome

Analizza i contratti e i Termini di Servizio direttamente sul tuo browser con l'estensione NakedPact.