A Manchester company has been hit with one of the largest nuisance marketing fines in recent years after it deliberately targeted people already struggling with debt, deluging them with millions of unlawful texts and, in some cases, fake threats that bailiffs were on their way.
The Information Commissioner’s Office (ICO) has fined KRA Consultancy Ltd £300,000 after finding that the firm sent 5,575,715 unsolicited direct marketing texts between April 2022 and May 2025. The messages pushed debt solutions at people who had already been turned down for loans, a group the regulator says the company knew would be especially vulnerable to high-pressure tactics.
The scale of the operation is reflected in the response it provoked. More than 60,000 complaints were logged with the ICO and through Mobile UK’s 7726 spam reporting service, making this one of the most heavily reported campaigns the watchdog has dealt with.
What lifts the KRA case above the usual run of spam enforcement is the content of some of the messages. Alongside the marketing texts, the firm sent fabricated bailiff threats engineered to scare people into engaging with its debt services. They went out under the sender ID ‘DEMAND’ and read:
“We have attempted on numerous occasions to contact you without any success. This matter has escalated further and an Enforcement agent will attend ****** within 48 hours to remove your goods as per Court Order. If you are on any legal/debt plan you will need proof readily available.”
Internal WhatsApp messages recovered during the investigation show company director Khuram Rezvan Ahmad referring to these threats with the euphemism ‘coaching’. In one exchange he wrote: “Get through as much as and pitch whatever. Don’t worry about forcing anything back because the coaching will take care of that tomorrow morning.”
The ICO’s investigation, which included search warrants executed at KRA’s offices and at Ahmad’s home, paints a picture of a business that understood it was breaking the law and tried to cover its tracks. Ahmad approached a telecoms provider in China seeking assurances that the bulk texts could be made “completely untraceable”. Even after the search warrants, the firm went back to its unlawful marketing, generating a further 161 complaints.
The company also made no effort to verify whether its loan-decline data was accurate or whether recipients had ever consented to marketing. Challenged internally about data that was three years old, Ahmad was blunt: “Am I confident on the data set? As long as I’m doing the cases I don’t really give a f*** if it’s old as long as it’s making money.”
Andy Curry, Head of Investigations at the ICO, did not mince his words. “People in financial difficulty deserve support, not exploitation. KRA deliberately sought these people out, knowing they might be especially susceptible to this kind of high-pressure marketing, and bombarded them with illegal texts. When that wasn’t enough, it sent fake threats telling people bailiffs were coming to their homes to remove their belongings. This was a calculated, unlawful scheme, and it caused real fear and distress to people who were already struggling with debt.”
He added: “KRA showed complete disregard for the law throughout our investigation and this £300,000 fine, one of the largest for nuisance marketing in recent years, reflects that. It should leave no doubt that we will pursue any company that thinks it can evade the law and prey on the public.”
For the overwhelming majority of firms that market within the rules, the KRA case is a useful reminder of where the lines sit. Under the Privacy and Electronic Communications Regulations (PECR), businesses must have clear, specific consent before sending direct marketing texts, and they must be able to evidence both that consent and the provenance of the data behind it. Buying in aged or unverified lists, as KRA did, is precisely the practice the regulator is targeting, and the ICO’s enforcement action shows the watchdog increasingly willing to follow the money to company directors personally.
It is also part of a clear pattern of escalation. The ICO has been steadily raising penalties for spam marketing, and earlier cases such as the £495,000 in fines handed to firms over millions of intrusive messages signalled the direction of travel. This is not the first Greater Manchester operation to attract the regulator’s attention either, following earlier raids on addresses in the region over 11 million nuisance texts. With the cost of breaking anti-spam rules reaching new highs, the message to any business tempted to cut corners on consent is unambiguous: the economics no longer add up.
Anyone who receives a suspicious marketing text can report it free of charge by forwarding it to 7726, and complaints of this kind feed directly into the regulator’s monitoring of nuisance marketing.