UK data watchdog fines consultancy firm £300K for flooding people with millions of illegal texts
The Information Commissioner’s Office (ICO) has issued a fine of £300,000 to a Manchester-based consultancy firm for sending millions of unlawful text messages to people in debt. They included fake bailiff threats designed to pressure and intimidate recipients.
-
A Manchester consultancy was fined £300,000 by the ICO for sending more than 5.5 million unsolicited marketing texts.
-
Messages targeted people in debt and included fake bailiff threats designed to pressure recipients into responding.
-
The ICO received over 60,000 complaints, alongside thousands more reports via mobile networks.
-
Investigators found the firm had no proper consent checks and continued messaging even during the probe.
KRA Consultancy Ltd, a Manchester-based consultancy firm, sent over 5,575,715 unsolicited direct marketing texts between April 2022 and May 2025, promoting its debt solutions to people who had already been turned down for loans.
Over 60,000 people complained to the ICO about these text messages. Furthermore, mobile network operator Mobile UK received 7,726 spam reports.
In addition to the promotional text messages, the consultancy firm also sent fabricated bailiff threats solely to frighten debtors into engaging with the company’s debt services.
“We have attempted on numerous occasions to contact you without any success. This matter has escalated further, and an enforcement agent will attend ****** within 48 hours to remove your goods as per a Court Order. If you are on any legal/debt plan, you will need proof readily available,” the text message said.
During the ICO’s investigation, search warrants were conducted at the company’s headquarters and the company director Khuram Rezvan Ahmad’s house. The consultancy firm continued sending unsolicited messages, leading to 161 new complaints.
The firm also didn’t attempt to check whether the loan data was accurate or whether the recipients had consented to receive marketing messages. In a response, director Ahmad said that he “couldn’t give a f***” if the data set was old, “as long as it’s making money.”
Has your password leaked?
According to Andy Curry, Head of Investigations at the ICO, the Manchester-based consultancy firm showed complete disregard for the law, which is why the company was fined £300,000.
“People in financial difficulty deserve support, not exploitation. KRA deliberately sought these people out, knowing they might be especially susceptible to this kind of high-pressure marketing, and bombarded them with illegal texts. When that wasn't enough, they sent fake threats telling people bailiffs were coming to their homes to remove their belongings. This was a calculated, unlawful scheme, and it caused real fear and distress to people who were already struggling with debt,” Curry said in a statement.
Alongside the monetary penalty, the ICO also issued an enforcement notice, ordering the company to stop sending marketing messages without consent within 30 days.
Unlock more exclusive Cybernews content on YouTube.
