Payday loan firm hit by £175k fine for sending spam texts
First Financial blasted by ICO over text message campaign that's already landed it in hot water with the ASA.

A payday loan company has been fined 175,000 for sending out millions of unlawful SMS messages, prompting thousands of complaints to the Information Commissioner's Office (ICO).
The data protection watchdog ruled First Financial's actions constituted a breach of the Privacy and Electronic Communications Regulations (PECR), and fined the company accordingly.
The guidance states organisations must have an individual's consent before sending them text-based marketing messages.
We are currently speaking with the Government to get the legal bar lowered, allowing us to take action at a much earlier stage.
The ICO received 4,031 complaints about the text messages, which included statements such as: "Hi Mate hows u? I'm still out in town, just got 850 in my account from these guys," followed by a link to the company's website.
The text messages were sent from unregistered SIM cards but, with messages regularly referring readers to the company's URL, the ICO was able to trace the source.
The missives were previously at the centre of an investigation by the Advertising Standards Agency (ASA), after 13 people complained the texts were unsolicited and suggested payday loans were an acceptable way to fund days out and social activities.
The complaints were upheld by the ASA, who ruled the messages should not appear again in their current form.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
It's not the first time the company's actions have come to the attention of the ICO, as it was prosecuted under the Data Protection Act in October for failing to register the business was processing personal information.
In the lead up to the court hearing in that case, the company's sole director Hamad Shabani tried to remove his name from First Financial's listing with Companies House.
Simon Entwisle, director of operations at the ICO, said Shabani's actions in the previous case speak volumes.
"People are fed up with this menace and they are not willing to be bombarded with nuisance calls and text messages at all times of the day trying to get them to sign up to high interest loans. The fact that this individual tried to distance himself from the unlawful activities of his company shows the kind of [people] we're dealing with here.
"We will continue to target these companies that continue to blight the daily lives of people across the UK. We are also currently speaking with the Government to get the legal bar lowered, allowing us to take action at a much earlier stage," Entwisle added.
-
The IT industry’s shift to circular, low-carbon solutions
Maximize your hardware investment and reach your sustainability goals with HP’s Renew Solutions
-
Lenovo ThinkPad X9 14 Aura Edition review
Reviews This thin and light ultraportable will draw you in with its vibrant screen – but it isn't as powerful as some of its competitors
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuse
News The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims
News Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlash
News UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime Agency
News The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failures
News The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firms
News Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failures
News The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaign
News HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled